Merge pull request #1021 from lhywk/fix/null-check-start_redis

Fix Add NULL check to prevent NULL pointer dereference in start_redis( )
Add NULL check after hydra_receive_line() in start_redis()
2025-07-06 04:51:40 -07:00 · 2025-07-03 09:56:21 +02:00 · 2025-07-03 05:07:27 +00:00 · 2025-06-29 17:00:04 +02:00 · 2025-06-29 19:22:31 +05:00 · 2025-06-11 10:41:14 +02:00
135 changed files with 8798 additions and 12604 deletions
--- a/.clang-format
+++ b/.clang-format
@ -0,0 +1,117 @@
+---
+Language:        Cpp
+AccessModifierOffset: -2
+AlignAfterOpenBracket: Align
+AlignConsecutiveAssignments: false
+AlignConsecutiveDeclarations: false
+AlignEscapedNewlines: Right
+AlignOperands:   true
+AlignTrailingComments: true
+AllowAllParametersOfDeclarationOnNextLine: true
+AllowShortBlocksOnASingleLine: false
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: All
+AllowShortIfStatementsOnASingleLine: false
+AllowShortLoopsOnASingleLine: false
+AlwaysBreakAfterDefinitionReturnType: None
+AlwaysBreakAfterReturnType: None
+AlwaysBreakBeforeMultilineStrings: false
+AlwaysBreakTemplateDeclarations: false
+BinPackArguments: true
+BinPackParameters: true
+BraceWrapping:   
+  AfterClass:      false
+  AfterControlStatement: false
+  AfterEnum:       false
+  AfterFunction:   false
+  AfterNamespace:  false
+  AfterObjCDeclaration: false
+  AfterStruct:     false
+  AfterUnion:      false
+  AfterExternBlock: false
+  BeforeCatch:     false
+  BeforeElse:      false
+  IndentBraces:    false
+  SplitEmptyFunction: true
+  SplitEmptyRecord: true
+  SplitEmptyNamespace: true
+BreakBeforeBinaryOperators: None
+BreakBeforeBraces: Attach
+BreakBeforeInheritanceComma: false
+BreakInheritanceList: BeforeColon
+BreakBeforeTernaryOperators: true
+BreakConstructorInitializersBeforeComma: false
+BreakConstructorInitializers: BeforeColon
+BreakAfterJavaFieldAnnotations: false
+BreakStringLiterals: true
+ColumnLimit:     512
+CommentPragmas:  '^ IWYU pragma:'
+CompactNamespaces: true
+ConstructorInitializerAllOnOneLineOrOnePerLine: false
+ConstructorInitializerIndentWidth: 4
+ContinuationIndentWidth: 4
+Cpp11BracedListStyle: true
+DerivePointerAlignment: false
+DisableFormat:   false
+ExperimentalAutoDetectBinPacking: false
+FixNamespaceComments: true
+ForEachMacros:   
+  - foreach
+  - Q_FOREACH
+  - BOOST_FOREACH
+IncludeBlocks:   Preserve
+IncludeCategories: 
+  - Regex:           '^"(llvm|llvm-c|clang|clang-c)/'
+    Priority:        2
+  - Regex:           '^(<|"(gtest|gmock|isl|json)/)'
+    Priority:        3
+  - Regex:           '.*'
+    Priority:        1
+IncludeIsMainRegex: '(Test)?$'
+IndentCaseLabels: false
+IndentPPDirectives: None
+IndentWidth:     2
+IndentWrappedFunctionNames: false
+JavaScriptQuotes: Leave
+JavaScriptWrapImports: true
+KeepEmptyLinesAtTheStartOfBlocks: false
+MacroBlockBegin: ''
+MacroBlockEnd:   ''
+MaxEmptyLinesToKeep: 1
+NamespaceIndentation: None
+ObjCBinPackProtocolList: Auto
+ObjCBlockIndentWidth: 2
+ObjCSpaceAfterProperty: false
+ObjCSpaceBeforeProtocolList: true
+PenaltyBreakAssignment: 2
+PenaltyBreakBeforeFirstCallParameter: 19
+PenaltyBreakComment: 300
+PenaltyBreakFirstLessLess: 120
+PenaltyBreakString: 1000
+PenaltyBreakTemplateDeclaration: 10
+PenaltyExcessCharacter: 1000000
+PenaltyReturnTypeOnItsOwnLine: 60
+PointerAlignment: Right
+ReflowComments:  true
+SortIncludes:    true
+SortUsingDeclarations: true
+SpaceAfterCStyleCast: false
+SpaceAfterTemplateKeyword: true
+SpaceBeforeAssignmentOperators: true
+SpaceBeforeCpp11BracedList: false
+SpaceBeforeCtorInitializerColon: true
+SpaceBeforeInheritanceColon: true
+SpaceBeforeParens: ControlStatements
+SpaceBeforeRangeBasedForLoopColon: true
+SpaceInEmptyParentheses: false
+SpacesBeforeTrailingComments: 1
+SpacesInAngles:  false
+SpacesInContainerLiterals: true
+SpacesInCStyleCastParentheses: false
+SpacesInParentheses: false
+SpacesInSquareBrackets: false
+Standard:        Cpp11
+TabWidth:        2
+UseTab:          Never
+...
+
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -0,0 +1,37 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**IMPORTANT**
+This is just for reporting *BUGS* not help on how to hack, how to use hydra, command line options or how to get it compiled. Please search for help via search engines. Issues asking for this here will be closed.
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+  * Ensure that you have tested the bug to be present in the current github code. You might be using an outdated version that comes with your Linux distribution!
+  * You must provide full command line options.
+
+Steps to reproduce the behavior:
+1. ...
+2. ...
+3. ...
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+Note that all messages must be in *English*, not in Chinese, Russian, etc.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. Ubuntu 20.04]
+ - hydra version [e.g. current github state]
+
+**Additional context**
+Add any other context about the problem here.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@ -0,0 +1,23 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**IMPORTANT**
+Please note that hydra is still maintained however not actively developed. If you would like to see specific feature here it it recommended implement it yourself and send a pull request - or look for someone to do that for you :-)
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -0,0 +1,38 @@
+name: release
+
+on:
+  push:
+    branches: [master, main]
+    tags-ignore: ['**']
+    paths-ignore: [README, TODO, PROBLEMS]
+  pull_request:
+    paths-ignore: [README, TODO, PROBLEMS]
+
+jobs:
+  docker-image:
+    name: Build the docker image
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: docker/setup-qemu-action@v2
+
+      - uses: docker/setup-buildx-action@v2
+
+      - uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - uses: gacts/github-slug@v1 # Action page: <https://github.com/gacts/github-slug>
+        id: slug
+
+      - uses: docker/build-push-action@v3 # Action page: <https://github.com/docker/build-push-action>
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          platforms: linux/amd64, linux/arm64
+#         ,linux/arm/v6, linux/arm/v7
+          tags: vanhauser/hydra:latest
+        
--- a/.gitignore
+++ b/.gitignore
@ -13,3 +13,4 @@ hydra-gtk/stamp-h
 pw-inspector
 pw-inspector.exe
 hydra.restore
+*~
--- a/.travis.yml
+++ b/.travis.yml
@ -4,6 +4,9 @@ dist: trusty
 os:
  - linux
  - osx
+arch:
+  - amd64
+  - ppc64le
 compiler:
  - clang
  - gcc
--- a/61
+++ b/61
@ -1,6 +1,67 @@
 Changelog for hydra
 -------------------

+Release 9.5
+* many modules did not support -W (all those that used a library for the
+  connection). All (or most?) should be fixed now.
+* http-form:
+  - The help for http-form was wrong. the condition variable must always be
+    the *last* parameter, not the third
+  - Proxy support was not working correctly
+* smb2: fix for updated libsmb2 which resulted in correct guessing attempts
+  not being detected
+* smtp: break early if the server does not allow authentication
+* rdp: detect more return codes that say a user is disabled etc.
+
+
+Release 9.4
+* Switched from pcre/pcre3 to pcre2 as pcre/pcre3 will be dropped from Debian
+* Small fix for weird RTSP servers
+* Added "2=" optional parameter to http-post-form module to tell hydra that
+  a "302" HTTP return code means success
+* replaced wait3 with waitpid for better compatability
+
+
+Release 9.3
+* support Xcode compilation
+* new module: cobaltstrike by ultimaiiii, thank you!
+* fix for ssh to support -M or ip/range
+* fix for rdp to detect empty passwords
+* fix for http-form to no send empty headers
+* fix for http on non-default ports when using with a proxy
+* for vnc/cisco/... protocols that only check for a password, skip host
+  after the password is found
+* fix to support IPv6 addresses in -M
+* fix to test all entries in -C files, not exiting after the first found
+* make disappearing targets faster to terminate on
+* added "make uninstall"
+
+
+Release 9.2
+* fix for http-post-form optional parameters
+* enable gcc 10 support for xhydra too :)
+* msys support
+* removed rain mode (-r) because of inefficiency
+* IPv6 support for Host: header for http based modules
+
+
+Release 9.1
+* rdb: support for libfreerdp3 (thanks to animetauren)
+* new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!)
+* oracle: added success condition (thanks to kazkansouh), compile on Cygwin (thanks to maaaaz)
+* rtsp: fixed crash in MD5 auth
+* svn: updated to support past and new API
+* http: now supports F=/S= string matching conditions (thanks to poucz@github)
+* http-proxy: buffer fix, 404 success condition (thanks to kazkansouh)
+* mysql: changed not to use mysql db as a default. if the user has not access to this db auth fails ...
+* sasl: buffer fix (thanks to TenGbps)
+* fixed help for https modules (thanks to Jab2870)
+* added -K command line switch to disable redo attempts (good for mass scanning)
+* forgot to have the -m option in the hydra help output
+* gcc-10 support and various cleanups by Jeroen Roovers, thanks!
+* added .clang-format and formatted all code
+
+
 Release 9.0
 * rdp: Revamped rdp module to use FreeRDP library (thanks to loianhtuan@github for the patch!)
 * Added memcached module
--- a/CITATION.cff
+++ b/CITATION.cff
@ -0,0 +1,20 @@
+cff-version: 1.2.0
+message: "If you use this software, please cite it as below."
+authors:
+  - given-names: Marc
+    family-names: Heuse
+    name-particle: "van Hauser"
+    email: vh@thc.org
+    affiliation: The Hacker's Choice
+title: "hydra"
+version: 9.2
+type: software
+date-released: 2021-03-15
+url: "https://github.com/vanhauser-thc/thc-hydra"
+keywords:
+  - scanning
+  - passwords
+  - hacking
+  - pentesting
+  - securiy
+license: AGPL-3.0-or-later
--- a/77
+++ b/77
@ -0,0 +1,77 @@
+FROM debian:bookworm-slim
+
+ARG HYDRA_VERSION="github"
+
+LABEL \
+    org.opencontainers.image.url="https://github.com/vanhauser-thc/thc-hydra" \
+    org.opencontainers.image.source="https://github.com/vanhauser-thc/thc-hydra" \
+    org.opencontainers.image.version="$HYDRA_VERSION" \
+    org.opencontainers.image.vendor="vanhauser-thc" \
+    org.opencontainers.image.title="hydra" \
+    org.opencontainers.image.licenses="GNU AFFERO GENERAL PUBLIC LICENSE"
+
+COPY . /src
+
+RUN set -x \
+    && apt-get update \
+    && apt-get -y install \
+        #libmysqlclient-dev \
+        default-libmysqlclient-dev \
+        libgpg-error-dev \
+        #libmemcached-dev \
+        #libgcrypt11-dev \
+        libgcrypt-dev \
+        #libgcrypt20-dev \
+        #libgtk2.0-dev \
+        libpcre3-dev \
+        #firebird-dev \
+        libidn11-dev \
+        libssh-dev \
+        #libsvn-dev \
+        libssl-dev \
+        #libpq-dev \
+        make \
+        curl \
+        gcc \
+        1>/dev/null \
+    # The next line fixes the curl "SSL certificate problem: unable to get local issuer certificate" for linux/arm
+    && c_rehash
+
+# Get hydra sources and compile
+RUN cd /src \
+        && make clean \
+        && ./configure \
+        && make \
+        && make install
+
+# Make clean
+RUN apt-get purge -y make gcc \
+    && apt-get autoremove -y \
+    && rm -rf /var/lib/apt/lists/* \
+    && rm -rf /src
+
+# Verify hydra installation
+RUN hydra -h || error_code=$? \
+    && if [ ! "${error_code}" -eq 255 ]; then echo "Wrong exit code for 'hydra help' command"; exit 1; fi \
+    # Unprivileged user creation
+    && echo 'hydra:x:10001:10001::/tmp:/sbin/nologin' > /etc/passwd \
+    && echo 'hydra:x:10001:' > /etc/group
+
+ARG INCLUDE_SECLISTS="true"
+
+RUN set -x \
+    && if [ "${INCLUDE_SECLISTS}" = "true" ]; then \
+        mkdir /tmp/seclists \
+        && curl -SL "https://api.github.com/repos/danielmiessler/SecLists/tarball" -o /tmp/seclists/src.tar.gz \
+        && tar xzf /tmp/seclists/src.tar.gz -C /tmp/seclists \
+        && mv /tmp/seclists/*SecLists*/Passwords /opt/passwords \
+        && mv /tmp/seclists/*SecLists*/Usernames /opt/usernames \
+        && chmod -R u+r /opt/passwords /opt/usernames \
+        && rm -Rf /tmp/seclists \
+        && ls -la /opt/passwords /opt/usernames \
+    ;fi
+
+# Use an unprivileged user
+USER 10001:10001
+
+ENTRYPOINT ["hydra"]
--- a/21
+++ b/21
@ -6,6 +6,23 @@ you run "./configure":
  Redhat/Fedora:  yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel
  OpenSuSE:       zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel

-For the Oracle login module, install the basic and SDK packages:
- http://www.oracle.com/technetwork/database/features/instant-client/index.html
+
+For Termux/Android you need the following setup:
+
+Install the necessary dependencies
+  # pkg install -y x11-repo
+  # pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3
+And then compiling hydra
+  # ./configure --prefix=$PREFIX
+  # make
+  # make install
+
+
+To use xhydra, you will need to install a graphical output in termux, you can be guided from this article:
+
+https://wiki.termux.com/wiki/Graphical_Environment
+
+
+For the Oracle login module, install the basic and SDK packages:
+ https://www.oracle.com/database/technologies/instant-client/downloads.html

--- a/32
+++ b/32
@ -1,12 +1,7 @@
-[see the end of the file for the special exception for linking with OpenSSL
- - debian people need this]
-
-
-
                    GNU AFFERO GENERAL PUBLIC LICENSE
                       Version 3, 19 November 2007

- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

@ -638,8 +633,8 @@ the "copyright" line and a pointer to where the full notice is found.
    Copyright (C) <year>  <name of author>

    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU Affero General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
@ -648,7 +643,7 @@ the "copyright" line and a pointer to where the full notice is found.
    GNU Affero General Public License for more details.

    You should have received a copy of the GNU Affero General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.

 Also add information on how to contact you by electronic and paper mail.

@ -663,21 +658,4 @@ specific requirements.
  You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
 For more information on this, and how to apply and follow the GNU AGPL, see
-<http://www.gnu.org/licenses/>.
-
-
-Special Exception
-
- * In addition, as a special exception, the copyright holders give
- * permission to link the code of portions of this program with the
- * OpenSSL library under certain conditions as described in each
- * individual source file, and distribute linked combinations
- * including the two.
- * You must obey the GNU Affero General Public License in all respects
- * for all of the code used other than OpenSSL.  If you modify
- * file(s) with this exception, you may extend this exception to your
- * version of the file(s), but you are not obligated to do so.  If you
- * do not wish to do so, delete this exception statement from your
- * version.  If you delete this exception statement from all source
- * files in the program, then also delete it here.
-
+<https://www.gnu.org/licenses/>.
--- a/LICENSE.OPENSSL
+++ b/LICENSE.OPENSSL
--- a/3
+++ b/3
@ -3,3 +3,6 @@ all:

 clean:
 	cp -f Makefile.orig Makefile
+
+uninstall:
+	@echo Error: you must run "./configure" first
--- a/Makefile.am
+++ b/Makefile.am
@ -1,13 +1,19 @@
 #
-# Makefile for Hydra - (c) 2001-2019 by van Hauser / THC <vh@thc.org>
+# Makefile for Hydra - (c) 2001-2023 by van Hauser / THC <vh@thc.org>
 #
-OPTS=-I. -O3
+WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations  -Wmissing-declarations
+WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align
+CFLAGS ?= -g
+OPTS=-I. -O3 $(CFLAGS) -fcommon -Wno-deprecated-declarations
+CPPFLAGS += -D_GNU_SOURCE
 # -Wall -g -pedantic
 LIBS=-lm
-BINDIR = /bin
-MANDIR ?= /man/man1/
-DATADIR ?= /etc
 DESTDIR ?=
+BINDIR = /bin
+MANDIR = /man/man1/
+DATADIR = /etc
+PIXDIR = /share/pixmaps
+APPDIR = /share/applications

 SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \
      hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \
@ -20,12 +26,13 @@ SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \
      hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \
      hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \
      hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \
-      hydra-rpcap.c hydra-radmin2.c \
-      hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c
+      hydra-rpcap.c hydra-radmin2.c hydra-cobaltstrike.c \
+      hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \
+      hydra-smb2.c
 OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \
      hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \
      hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \
-      hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \
+      hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \
      hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \
      hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \
      hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \
@ -34,7 +41,8 @@ OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \
      hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \
      hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \
      hydra-rpcap.o hydra-radmin2.o \
-      crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o
+      crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \
+      hydra-smb2.o
 BINS = hydra pw-inspector

 EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \
@ -60,7 +68,7 @@ pw-inspector: pw-inspector.c
 	$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS)

 strip:	all
-	strip $(BINS)
+	-strip $(BINS)
 	-echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null

 install:	strip
@ -73,8 +81,18 @@ install:	strip
 	-cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR)
 	-mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR)
 	-cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR)
+	-mkdir -p $(DESTDIR)$(PREFIX)$(PIXDIR)
+	-cp -f xhydra.png $(DESTDIR)$(PREFIX)$(PIXDIR)/
+	-mkdir -p $(DESTDIR)$(PREFIX)$(APPDIR)
+	-desktop-file-install --dir $(DESTDIR)$(PREFIX)$(APPDIR) xhydra.desktop

 clean:
 	rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile
 	cp -f Makefile.orig Makefile

+uninstall:
+	-rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh
+	-rm -f $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_full.csv $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_local.csv
+	-rm -f $(DESTDIR)$(PREFIX)$(MANDIR)/hydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/xhydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/pw-inspector.1
+	-rm -f $(DESTDIR)$(PREFIX)$(PIXDIR)/xhydra.png
+	-rm -f $(DESTDIR)$(PREFIX)$(APPDIR)/xhydra.desktop
--- a/Makefile.orig
+++ b/Makefile.orig
@ -3,3 +3,6 @@ all:

 clean:
 	cp -f Makefile.orig Makefile
+
+uninstall:
+	@echo Error: you must run "./configure" first
--- a/2
+++ b/2
@ -3,5 +3,3 @@ List of known issues:

 * Cygwin: more than 30 tasks (-t 31 or more) will lead to a stack smash
 * OS X: brew installed modules are not compiled correctly and will crash hydra
-* RDP module: disabled as it does not support the current protocol. Help needed!
-
--- a/33
+++ b/33
@ -1,7 +1,7 @@

 				  H Y D R A

-                      (c) 2001-2019 by van Hauser / THC
+                      (c) 2001-2023 by van Hauser / THC
             <vh@thc.org> https://github.com/vanhauser-thc/thc-hydra
       many modules were written by David (dot) Maciejak @ gmail (dot) com
                 BFG code by Jan Dlabal <dlabaljan@gmail.com>
@ -10,7 +10,17 @@

           Please do not use in military or secret service organizations,
                          or for illegal purposes.
+      (This is the wish of the author and non-binding. Many people working
+       in these organizations do not care for laws and ethics anyways.
+            You are not one of the "good" ones if you ignore this.)

+           NOTE: no this is not meant to be a markdown doc! old school!
+
+
+Hydra in the most current github state can be directly downloaded via docker:
+```
+docker pull vanhauser/hydra
+```


 INTRODUCTION
@ -24,7 +34,7 @@ access from remote to a system.
 THIS TOOL IS FOR LEGAL PURPOSES ONLY!

 There are already several login hacker tools available, however, none does
-either support more than one protocol to attack or support parallized
+either support more than one protocol to attack or support parallelized
 connects.

 It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris,
@ -35,7 +45,7 @@ Currently this tool supports the following protocols:
 HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY,
 HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST,
 HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener,
- Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin,
+ Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin,
 Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5,
 SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth,
 VNC and XMPP.
@ -58,6 +68,10 @@ repository is at Github:
 Use the development version at your own risk. It contains new features and
 new bugs. Things might not work!

+Alternatively (and easier) to can pull it as a docker container:
+```
+docker pull vanhauser/hydra
+```


 HOW TO COMPILE
@ -71,7 +85,7 @@ make install
 ```

 If you want the ssh module, you have to setup libssh (not libssh2!) on your
-system,  get it from http://www.libssh.org, for ssh v1 support you also need
+system,  get it from https://www.libssh.org, for ssh v1 support you also need
 to add "-DWITH_SSH1=On" option in the cmake command line.
 IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew!

@ -81,8 +95,8 @@ for a few optional modules (note that some might not be available on your distri
 ```
 apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
                 libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
-                 firebird-dev libmemcached-dev libmongoc-dev \
-                 libfreerdp-client2-2
+                 firebird-dev libmemcached-dev libgpg-error-dev \
+                 libgcrypt11-dev libgcrypt20-dev freetds-dev
 ```

 This enables all optional modules and features with the exception of Oracle,
@ -150,7 +164,7 @@ THIRD - check if the module has optional parameters
 e.g. hydra -U smtp

 FOURTH - the destination port
- this is optional! if no port is supplied the default common port for the
+ this is optional, if no port is supplied the default common port for the
 PROTOCOL is used.
 If you specify SSL to use ("-S" option), the SSL common port is used by default.

@ -167,7 +181,7 @@ All attacks are then IPv6 only!
 If you want to supply your targets via a text file, you can not use the ://
 notation but use the old style and just supply the protocol (and module options):
  hydra [some command line options] -M targets.txt ftp
-You can supply also the port for each target entry by adding ":<port>" after a
+You can also supply the port for each target entry by adding ":<port>" after a
 target entry in the file, e.g.:

 ```
@ -253,6 +267,7 @@ Examples:
 -x 1:3:a generate passwords from length 1 to 3 with all lowercase letters
 -x 2:5:/ generate passwords from length 2 to 5 containing only slashes
 -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers
+-x '3:3:aA1&~#\\ "\'<{([-|_^@)]=}>$%*?./§,;:!`' -v generates length 3 passwords with all 95 characters, and verbose. 
 ```

 Example:
@ -379,7 +394,7 @@ Version 1.00 example:
        "These are very free form"
    ],
    "generator": {
-        "built": "2019-03-01 14:44:22",
+        "built": "2021-03-01 14:44:22",
        "commandline": "hydra -b jsonv1 -o results.json ... ...",
        "jsonoutputversion": "1.00",
        "server": "127.0.0.1",
--- a/README.md
+++ b/README.md
@ -1,530 +0,0 @@
-
-				  H Y D R A
-
-                      (c) 2001-2019 by van Hauser / THC
-             <vh@thc.org> https://github.com/vanhauser-thc/thc-hydra
-       many modules were written by David (dot) Maciejak @ gmail (dot) com
-                 BFG code by Jan Dlabal <dlabaljan@gmail.com>
-
-  		    Licensed under AGPLv3 (see LICENSE file)
-
-           Please do not use in military or secret service organizations,
-                          or for illegal purposes.
-
-
-
-INTRODUCTION
------------
-Number one of the biggest security holes are passwords, as every password
-security study shows.
-This tool is a proof of concept code, to give researchers and security
-consultants the possibility to show how easy it would be to gain unauthorized
-access from remote to a system.
-
-THIS TOOL IS FOR LEGAL PURPOSES ONLY!
-
-There are already several login hacker tools available, however, none does
-either support more than one protocol to attack or support parallelized
-connects.
-
-It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris,
-FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS.
-
-Currently this tool supports the following protocols:
- Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,
- HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY,
- HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST,
- HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener,
- Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin,
- Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5,
- SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth,
- VNC and XMPP.
-
-However the module engine for new services is very easy so it won't take a
-long time until even more services are supported.
-Your help in writing, enhancing or fixing modules is highly appreciated!! :-)
-
-
-
-WHERE TO GET
------------
-You can always find the newest release/production version of hydra at its
-project page at https://github.com/vanhauser-thc/thc-hydra/releases
-If you are interested in the current development state, the public development
-repository is at Github:
-  svn co https://github.com/vanhauser-thc/thc-hydra
- or
-  git clone https://github.com/vanhauser-thc/thc-hydra
-Use the development version at your own risk. It contains new features and
-new bugs. Things might not work!
-
-
-
-HOW TO COMPILE
--------------
-To configure, compile and install hydra, just type:
-
-```
-./configure
-make
-make install
-```
-
-If you want the ssh module, you have to setup libssh (not libssh2!) on your
-system,  get it from http://www.libssh.org, for ssh v1 support you also need
-to add "-DWITH_SSH1=On" option in the cmake command line.
-IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew!
-
-If you use Ubuntu/Debian, this will install supplementary libraries needed
-for a few optional modules (note that some might not be available on your distribution):
-
-```
-apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
-                 libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
-                 firebird-dev libmemcached-dev
-```
-
-This enables all optional modules and features with the exception of Oracle,
-SAP R/3, NCP and the apple filing protocol - which you will need to download and
-install from the vendor's web sites.
-
-For all other Linux derivates and BSD based systems, use the system
-software installer and look for similarly named libraries like in the
-command above. In all other cases, you have to download all source libraries
-and compile them manually.
-
-
-
-SUPPORTED PLATFORMS
-------------------
- All UNIX platforms (Linux, *BSD, Solaris, etc.)
- MacOS (basically a BSD clone)
- Windows with Cygwin (both IPv4 and IPv6)
- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
-
-
-
-HOW TO USE
----------
-If you just enter `hydra`, you will see a short summary of the important
-options available.
-Type `./hydra -h` to see all available command line options.
-
-Note that NO login/password file is included. Generate them yourself.
-A default password list is however present, use "dpl4hydra.sh" to generate
-a list.
-
-For Linux users, a GTK GUI is available, try `./xhydra`
-
-For the command line usage, the syntax is as follows:
- For attacking one target or a network, you can use the new "://" style:
-  hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS
- The old mode can be used for these too, and additionally if you want to
- specify your targets from a text file, you *must* use this one:
-
-```
-hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS]
-```
-
-Via the command line options you specify which logins to try, which passwords,
-if SSL should be used, how many parallel tasks to use for attacking, etc.
-
-PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp,
-http-get or many others are available
-TARGET is the target you want to attack
-MODULE-OPTIONS are optional values which are special per PROTOCOL module
-
-FIRST - select your target
- you have three options on how to specify the target you want to attack:
- 1. a single target on the command line: just put the IP or DNS address in
- 2. a network range on the command line: CIDR specification like "192.168.0.0/24"
- 3. a list of hosts in a text file: one line per entry (see below)
-
-SECOND - select your protocol
- Try to avoid telnet, as it is unreliable to detect a correct or false login attempt.
- Use a port scanner to see which protocols are enabled on the target.
-
-THIRD - check if the module has optional parameters
- hydra -U PROTOCOL
- e.g. hydra -U smtp
-
-FOURTH - the destination port
- this is optional! if no port is supplied the default common port for the
- PROTOCOL is used.
- If you specify SSL to use ("-S" option), the SSL common port is used by default.
-
-
-If you use "://" notation, you must use "[" "]" brackets if you want to supply
-IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack:
-  hydra [some command line options] ftp://[192.168.0.0/24]/
-  hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM
-
-Note that everything hydra does is IPv4 only!
-If you want to attack IPv6 addresses, you must add the "-6" command line option.
-All attacks are then IPv6 only!
-
-If you want to supply your targets via a text file, you can not use the ://
-notation but use the old style and just supply the protocol (and module options):
-  hydra [some command line options] -M targets.txt ftp
-You can supply also the port for each target entry by adding ":<port>" after a
-target entry in the file, e.g.:
-
-```
-foo.bar.com
-target.com:21
-unusual.port.com:2121
-default.used.here.com
-127.0.0.1
-127.0.0.1:2121
-```
-
-Note that if you want to attach IPv6 targets, you must supply the -6 option
-and *must* put IPv6 addresses in brackets in the file(!) like this:
-
-```
-foo.bar.com
-target.com:21
-[fe80::1%eth0]
-[2001::1]
-[2002::2]:8080
-[2a01:24a:133:0:00:123:ff:1a]
-```
-
-LOGINS AND PASSWORDS
--------------------
-You have many options on how to attack with logins and passwords
-With -l for login and -p for password you tell hydra that this is the only
-login and/or password to try.
-With -L for logins and -P for passwords you supply text files with entries.
-e.g.:
-
-```
-hydra -l admin -p password ftp://localhost/
-hydra -L default_logins.txt -p test ftp://localhost/
-hydra -l admin -P common_passwords.txt ftp://localhost/
-hydra -L logins.txt -P passwords.txt ftp://localhost/
-```
-
-Additionally, you can try passwords based on the login via the "-e" option.
-The "-e" option has three parameters:
-
-```
-s - try the login as password
-n - try an empty password
-r - reverse the login and try it as password
-```
-
-If you want to, e.g. try "try login as password and "empty password", you 
-specify "-e sn" on the command line.
-
-But there are two more modes for trying passwords than -p/-P:
-You can use text file which where a login and password pair is separated by a colon,
-e.g.:
-
-```
-admin:password
-test:test
-foo:bar
-```
-
-This is a common default account style listing, that is also generated by the
-dpl4hydra.sh default account file generator supplied with hydra.
-You use such a text file with the -C option - note that in this mode you
-can not use -l/-L/-p/-P options (-e nsr however you can).
-Example:
-
-```
-hydra -C default_accounts.txt ftp://localhost/
-```
-
-And finally, there is a bruteforce mode with the -x option (which you can not
-use with -p/-P/-C):
-
-```
-x minimum_length:maximum_length:charset
-```
-
-the charset definition is `a` for lowercase letters, `A` for uppercase letters,
-`1` for numbers and for anything else you supply it is their real representation.
-Examples:
-
-```
-x 1:3:a generate passwords from length 1 to 3 with all lowercase letters
-x 2:5:/ generate passwords from length 2 to 5 containing only slashes
-x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers
-```
-
-Example:
-
-```
-hydra -l ftp -x 3:3:a ftp://localhost/
-```
-
-SPECIAL OPTIONS FOR MODULES
---------------------------
-Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m
-command line option, you can pass one option to a module.
-Many modules use this, a few require it!
-
-To see the special option of a module, type:
-
-  hydra -U <module>
-
-e.g.
-
-  ./hydra -U http-post-form
-
-The special options can be passed via the -m parameter, as 3rd command line
-option or in the service://target/option format.
-
-Examples (they are all equal):
-
-```
-./hydra -l test -p test -m PLAIN 127.0.0.1 imap
-./hydra -l test -p test 127.0.0.1 imap PLAIN
-./hydra -l test -p test imap://127.0.0.1/PLAIN
-```
-
-RESTORING AN ABORTED/CRASHED SESSION
------------------------------------
-When hydra is aborted with Control-C, killed or crashes, it leaves a
-"hydra.restore" file behind which contains all necessary information to
-restore the session. This session file is written every 5 minutes.
-NOTE: the hydra.restore file can NOT be copied to a different platform (e.g.
-from little endian to big endian, or from Solaris to AIX)
-
-HOW TO SCAN/CRACK OVER A PROXY
------------------------------
-The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works
-just for the http services!).
-The following syntax is valid:
-
-```
-HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
-HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/"
-HYDRA_PROXY_HTTP="proxylist.txt"
-```
-
-The last example is a text file containing up to 64 proxies (in the same
-format definition as the other examples).
-
-For all other services, use the HYDRA_PROXY variable to scan/crack.
-It uses the same syntax. eg:
-
-```
-HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port
-```
-
-for example:
-
-```
-HYDRA_PROXY=connect://proxy.anonymizer.com:8000
-HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080
-HYDRA_PROXY=socksproxylist.txt
-```
-
-ADDITIONAL HINTS
----------------
-* sort your password files by likelihood and use the -u option to find
-  passwords much faster!
-* uniq your dictionary files! this can save you a lot of time :-)
-    cat words.txt | sort | uniq > dictionary.txt
-* if you know that the target is using a password policy (allowing users
-  only to choose a password with a minimum length of 6, containing a least one
-  letter and one number, etc. use the tool pw-inspector which comes along
-  with the hydra package to reduce the password list:
-    cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt
-
-
-RESULTS OUTPUT
--------------
-
-The results are output to stdio along with the other information.  Via the -o
-command line option, the results can also be written to a file.  Using -b,
-the format of the output can be specified.  Currently, these are supported:
-
-* `text`   - plain text format
-* `jsonv1` - JSON data using version 1.x of the schema (defined below).
-* `json`   - JSON data using the latest version of the schema, currently there
-             is only version 1.
-
-If using JSON output, the results file may not be valid JSON if there are
-serious errors in booting Hydra.
-
-
-JSON Schema
-----------
-Here is an example of the JSON output.  Notes on some of the fields:
-
-* `errormessages` - an array of zero or more strings that are normally printed
-   to stderr at the end of the Hydra's run.  The text is very free form.
-* `success` - indication if Hydra ran correctly without error (**NOT** if
-   passwords were detected).  This parameter is either the JSON value `true`
-   or `false` depending on completion.  
-* `quantityfound` - How many username+password combinations discovered.
-* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00,
-   2.03, etc.  Hydra will make second tuple of the version to always be two
-   digits to make it easier for downstream processors (as opposed to v1.1 vs
-   v1.10).  The minor-level versions are additive, so 1.02 will contain more
-   fields than version 1.00 and will be backward compatible.  Version 2.x will
-   break something from version 1.x output.  
-
-Version 1.00 example:
-```
-{
-    "errormessages": [
-        "[ERROR] Error Message of Something",
-        "[ERROR] Another Message",
-        "These are very free form"
-    ],
-    "generator": {
-        "built": "2019-03-01 14:44:22",
-        "commandline": "hydra -b jsonv1 -o results.json ... ...",
-        "jsonoutputversion": "1.00",
-        "server": "127.0.0.1",
-        "service": "http-post-form",
-        "software": "Hydra",
-        "version": "v8.5"
-    },
-    "quantityfound": 2,
-    "results": [
-        {
-            "host": "127.0.0.1",
-            "login": "bill@example.com",
-            "password": "bill",
-            "port": 9999,
-            "service": "http-post-form"
-        },
-        {
-            "host": "127.0.0.1",
-            "login": "joe@example.com",
-            "password": "joe",
-            "port": 9999,
-            "service": "http-post-form"
-        }
-    ],
-    "success": false
-}
-```
-
-
-SPEED
-----
-through the parallelizing feature, this password cracker tool can be very
-fast, however it depends on the protocol. The fastest are generally POP3
-and FTP.
-Experiment with the task option (-t) to speed things up! The higher - the
-faster ;-) (but too high - and it disables the service)
-
-
-
-STATISTICS
----------
-Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing
-295 entries (294 tries invalid logins, 1 valid). Every test was run three
-times (only for "1 task" just once), and the average noted down.
-
-```
-			P A R A L L E L    T A S K S
-SERVICE	1	4	8	16	32	50	64	100	128
------- --------------------------------------------------------------------
-telnet	23:20	5:58	2:58	1:34	1:05	0:33	0:45*	0:25*	0:55*
-ftp	45:54	11:51	5:54	3:06	1:25	0:58	0:46	0:29	0:32
-pop3	92:10	27:16	13:56	6:42	2:55	1:57	1:24	1:14	0:50
-imap	31:05	7:41	3:51	1:58	1:01	0:39	0:32	0:25	0:21
-```
-
-(*)
-Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with
-128 tasks, running four times resulted in timings between 28 and 97 seconds!
-The reason for this is unknown...
-
-guesses per task (rounded up):
-	
-  295	74	38	19	10	6	5	3	3
-
-guesses possible per connect (depends on the server software and config):
-	
-  telnet	4
-	ftp	6
-	pop3	1
-	imap	3
-
-
-
-BUGS & FEATURES
---------------
-Hydra:
-Email me or David if you find bugs or if you have written a new module.
-vh@thc.org (and put "antispam" in the subject line)
-
-
-You should use PGP to encrypt emails to vh@thc.org :
-
-```
-----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v3.3.3 (vh@thc.org)
-
-mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT
-KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ
-FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c
-vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k
-Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p
-lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI
-zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI
-DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf
-lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN
-DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5
-n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB
-tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC
-F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ
-xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH
-Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4
-qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz
-dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp
-QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga
-V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5
-slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl
-Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM
-0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP
-JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs
-IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL
-CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS
-AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ
-HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR
-2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C
-nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc
-XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6
-Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL
-ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V
-l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F
-n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl
-7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb
-/hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii
-tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5
-Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR
-gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt
-x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62
-0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS
-+C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw
-G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA
-oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr
-rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC
-v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5
-02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv
-s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ
-Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK
-d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP
-gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y
-ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP
-8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd
-X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD
-aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN
-cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC
-Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR
-zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni
-1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT
-zB3yrr+vYBT0uDWmxwPjiJs=
-=ytEf
-----END PGP PUBLIC KEY BLOCK-----
-```
--- a/5
+++ b/5
@ -1,4 +1,9 @@

+./configure:
+ - add test for -march=native
+
+--- this is old ---
+
 Prio 1:
 * add cookie support to hydra-http.c
 * hydra-smb more than 1 connection?
--- a/_config.yml
+++ b/_config.yml
@ -0,0 +1,2 @@
+title: "thc-hydra" 
+theme: jekyll-theme-midnight
--- a/bfg.c
+++ b/bfg.c
@ -1,11 +1,11 @@

-/* code original by Jan Dlabal <dlabaljan@gmail.com>, partially rewritten by vh */
+/* code original by Jan Dlabal <dlabaljan@gmail.com>, partially rewritten by vh. */

+#include <ctype.h>
+#include <math.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <math.h>
-#include <ctype.h>
 #ifdef __sun
 #include <sys/int_types.h>
 #elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
@ -24,17 +24,23 @@ extern int32_t debug;
 static int32_t add_single_char(char ch, char flags, int32_t *crs_len) {
  if ((ch >= '2' && ch <= '9') || ch == '0') {
    if ((flags & BF_NUMS) > 0) {
-      printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", ch);
+      printf("[ERROR] character %c defined in -x although the whole number "
+             "range was already defined by '1', ignored\n",
+             ch);
      return 0;
    }
-    //printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", ch);
+    // printf("[WARNING] adding character %c for -x, note that '1' will add all
+    // numbers from 0-9\n", ch);
  }
  if (tolower((int32_t)ch) >= 'b' && tolower((int32_t)ch) <= 'z') {
    if ((ch <= 'Z' && (flags & BF_UPPER) > 0) || (ch > 'Z' && (flags & BF_UPPER) > 0)) {
-      printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", ch, ch <= 'Z' ? 'A' : 'a');
+      printf("[ERROR] character %c defined in -x although the whole letter "
+             "range was already defined by '%c', ignored\n",
+             ch, ch <= 'Z' ? 'A' : 'a');
      return 0;
    }
-    //printf("[WARNING] adding character %c for -x, note that '%c' will add all %scase letters\n", ch, ch <= 'Z' ? 'A' : 'a', ch <= 'Z' ? "up" : "low");
+    // printf("[WARNING] adding character %c for -x, note that '%c' will add all
+    // %scase letters\n", ch, ch <= 'Z' ? 'A' : 'a', ch <= 'Z' ? "up" : "low");
  }
  (*crs_len)++;
  if (BF_CHARSMAX - *crs_len < 1) {
@ -65,7 +71,8 @@ int32_t bf_init(char *arg) {
  }
  bf_options.from = atoi(arg);
  if (bf_options.from < 1 || bf_options.from > 127) {
-    fprintf(stderr, "Error: minimum length must be between 1 and 127, format: -x min:max:types\n");
+    fprintf(stderr, "Error: minimum length must be between 1 and 127, format: "
+                    "-x min:max:types\n");
    return 1;
  }
  arg = tmp + 1;
@ -85,7 +92,8 @@ int32_t bf_init(char *arg) {
  tmp++;

  if (bf_options.from > bf_options.to) {
-    fprintf(stderr, "Error: you specified a minimum length higher than the maximum length!\n");
+    fprintf(stderr, "Error: you specified a minimum length higher than the "
+                    "maximum length!\n");
    return 1;
  }

@ -165,14 +173,15 @@ int32_t bf_init(char *arg) {

  bf_options.crs_len = crs_len;
  bf_options.current = bf_options.from;
+
  memset((char *)bf_options.state, 0, sizeof(bf_options.state));
+
  if (debug)
    printf("[DEBUG] bfg INIT: from %u, to %u, len: %u, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs);

  return 0;
 }

-
 uint64_t bf_get_pcount() {
  int32_t i;
  double count = 0;
@ -181,7 +190,8 @@ uint64_t bf_get_pcount() {
  for (i = bf_options.from; i <= bf_options.to; i++)
    count += (pow((double)bf_options.crs_len, (double)i));
  if (count >= 0xffffffff) {
-    fprintf(stderr, "\n[ERROR] definition for password bruteforce (-x) generates more than 4 billion passwords\n");
+    fprintf(stderr, "\n[ERROR] definition for password bruteforce (-x) "
+                    "generates more than 4 billion passwords - this is not a bug in the program, it is just not feasible to try so many attempts. Try a calculator how long that would take. duh.\n");
    exit(-1);
  }

@ -189,7 +199,6 @@ uint64_t bf_get_pcount() {
  return foo;
 }

-
 char *bf_next() {
  int32_t i, pos = bf_options.current - 1;

@ -201,8 +210,9 @@ char *bf_next() {
    return NULL;
  }

-  for (i = 0; i < bf_options.current; i++)
+  for (i = 0; i < bf_options.current; ++i)
    bf_options.ptr[i] = bf_options.crs[bf_options.state[i]];
+  // we don't subtract the same depending on wether the length is odd or even
  bf_options.ptr[bf_options.current] = 0;

  if (debug) {
@ -212,12 +222,13 @@ char *bf_next() {
    printf(", x: %s\n", bf_options.ptr);
  }

+  // we revert the ordering of the bruteforce to fix the first static character
  while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) {
    bf_options.state[pos] = 0;
    pos--;
  }

-  if (pos < 0) {
+  if (pos < 0 || pos >= bf_options.current) {
    bf_options.current++;
    memset((char *)bf_options.state, 0, sizeof(bf_options.state));
  }
--- a/bfg.h
+++ b/bfg.h
@ -24,7 +24,9 @@
 #define BF_WEBSITE "http://houbysoft.com/bfg/"

 #define BF_BUFLEN 1024
-#define BF_CHARSMAX 256         /* how many max possibilities there are for characters, normally it's 2^8 = 256 */
+#define BF_CHARSMAX                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            \
+  256 /* how many max possibilities there are for characters, normally it's                                                                                                                                                                                                                                                                                                                                                                                                                                                    \
+         2^8 = 256 */

 #define BF_LOWER 1
 #define BF_UPPER 2
--- a/395
+++ b/395
@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# uname -s = Linux | OpenBSD | FreeBSD
+# uname -s = Linux | OpenBSD | FreeBSD | Darwin
 # uname -m = i636 or x86_64

 if [ "$1" = "-h" -o "$1" = "--help" ]; then
@ -17,10 +17,12 @@ if [ "$1" = "-h" -o "$1" = "--help" ]; then
  echo "  --help                     this here"
  echo
  echo If the CC environment variable is set, this is used as the compiler for the configure tests. The default is \"gcc\" otherwise.
+  echo You can also set PKG_CONFIG if necessary.
  exit 0
 fi

 test -z "$CC" && CC=gcc
+test -z "$PKG_CONFIG" && PKG_CONFIG=pkg-config

 FHS=""
 SIXFOUR=""
@ -38,6 +40,7 @@ WSSL_LIB_PATH=""
 CURSES_PATH=""
 CURSES_IPATH=""
 CRYPTO_PATH=""
+GPGERROR_IPATH=""
 IDN_PATH=""
 IDN_IPATH=""
 PR29_IPATH=""
@ -71,6 +74,10 @@ MANDIR=""
 XHYDRA_SUPPORT=""
 FREERDP2_PATH=""
 WINPR2_PATH=""
+FREERDP3_PATH=""
+WINPR3_PATH=""
+SMBC_PATH=""
+SMBC_IPATH=""

 if [ '!' "X" = "X$*" ]; then
  while [ $# -gt 0 ] ; do
@ -125,6 +132,7 @@ echo "Starting hydra auto configuration ..."
 rm -f Makefile.in
 SYSS=`uname -s 2> /dev/null`
 SYSO=`uname -o 2> /dev/null`
+SYSM=`uname -m 2> /dev/null`
 if [ "$SYSS" = "Linux" -o "$SYSS" = "OpenBSD" -o "$SYSS" = "FreeBSD" -o "$SYSS" = "NetBSD" -o "$SYSS" = "Darwin" ]; then
  SF=`uname -m | grep 64`
  if [ `uname -m` = "s390x" ]; then
@ -141,7 +149,7 @@ fi
 # On macOS /usr/include only exists if one has installed the Command Line Tools package.
 # If this is an Xcode-only system we need to look inside the SDK for headers.
 SDK_PATH=""
-if [ "$SYSS" = "Darwin" ] && [ ! -d "/usr/include" ]; then
+if [ "$SYSS" = "Darwin" -a ! -d "/usr/include" ]; then
  SDK_PATH=`xcrun --show-sdk-path`
 fi
 LIBDIRS=`cat /etc/ld.so.conf /etc/ld.so.conf.d/* 2> /dev/null | grep -v '^#' | sort | uniq`
@ -151,8 +159,8 @@ fi
 if [ -d "/Library/Developer/CommandLineTools/usr/lib" ]; then
  LIBDIRS="$LIBDIRS /Library/Developer/CommandLineTools/usr/lib /Library/Developer/CommandLineTools/lib"
 fi
-LIBDIRS="$LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib"
-INCDIRS="$SDK_PATH/usr/include /usr/local/include /opt/include /opt/local/include"
+LIBDIRS="$LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib /mingw64/lib /mingw64/bin"
+INCDIRS="$SDK_PATH/usr/include /usr/local/include /opt/include /opt/local/include /mingw64/include"
 if [ -n "$PREFIX" ]; then
    if [ -d "$PREFIX/lib" ]; then
        LIBDIRS="$LIBDIRS $PREFIX/lib"
@ -164,7 +172,7 @@ fi
 STRIP="strip"
 echo

-echo "Checking for zlib (libz.so, zlib.h) ..."
+echo "Checking for zlib (libz/zlib.h) ..."
 for i in $INCDIRS; do
   if [ -f "$i/zlib.h" ]; then
 	HAVE_ZLIB="y"
@ -177,7 +185,33 @@ else
   echo "                                ... zlib not found, gzip support disabled"
 fi

-echo "Checking for openssl (libssl, libcrypto, ssl.h, sha.h) ..."
+echo "Checking for sybdb (sybdb.h) ..."
+for i in $INCDIRS; do
+   if [ -f "$i/sybdb.h" ]; then
+	HAVE_SYBDB="y"
+   fi
+done
+
+if [ -n "$HAVE_SYBDB" ]; then
+   echo "                                ... found"
+else
+   echo "                                ... sybdb not found, MSSQL module will lack TDSv7 support"
+fi
+
+echo "Checking for sybfront (sybfront.h) ..."
+for i in $INCDIRS; do
+   if [ -f "$i/sybfront.h" ]; then
+	HAVE_SYBFRONT="y"
+   fi
+done
+
+if [ -n "$HAVE_SYBFRONT" ]; then
+   echo "                                ... found"
+else
+   echo "                                ... sybfront not found, MSSQL module will lack TDSv7 support"
+fi
+
+echo "Checking for openssl (libssl/libcrypto/ssl.h/sha.h) ..."
 if [ "X" != "X$DEBUG" ]; then
   echo DEBUG: SSL_LIB=$LIBDIRS `ls -d /*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib 2> /dev/null`
   echo DEBUG: SSL_INC=$INCDIRS `ls -d /*ssl/include /opt/*ssl/include /usr/*ssl/include /usr/local/*ssl/include 2> /dev/null`
@ -260,23 +294,34 @@ if [ "$SSL_IPATH" = "/usr/include" ]; then
    SSL_IPATH=""
 fi

-echo "Checking for gcrypt (libgcrypt.so) ..."
+echo "Checking for gcrypt (libgcrypt/gpg-error.h) ..."
 for i in $LIBDIRS ; do
-    if [ "X" = "X$GCRYPT_PATH" ]; then
    if [ -f "$i/libgcrypt.so" -o -f "$i/libgcrypt.dylib" -o -f "$i/libgcrypt.a" -o -f "$i/libgcrypt.dll.a" -o -f "$i/libgcrypt.la" ]; then
 	  HAVE_GCRYPT="y"
    fi
+done
+
+for i in $INCDIRS ; do
+    if [ "X" = "X$GPGERROR_IPATH" ]; then
+        TMP_PATH=`/bin/ls $i/$SYSM*/gpg-error.h 2> /dev/null`
+        if [ -n "$TMP_PATH" ]; then
+            GPGERROR_IPATH="$i"
+        else
+            if [ -f "$i/gpg-error.h" ]; then
+                GPGERROR_IPATH="$i"
+            fi
+        fi
    fi
 done
-if [ -n "$HAVE_GCRYPT" ]; then
+
+if [ -n "$HAVE_GCRYPT" -a "X" != "X$GPGERROR_IPATH" ]; then
    echo "                                            ... found"
 else
    echo "                                            ... gcrypt not found, radmin2 module disabled"
+    HAVE_GCRYPT=""
 fi

-
-
-echo "Checking for idn (libidn.so) ..."
+echo "Checking for idn (libidn) ..."
 for i in $LIBDIRS ; do
    if [ "X" = "X$IDN_PATH" ]; then
        if [ -f "$i/libidn.so" -o -f "$i/libidn.dylib" -o -f "$i/libidn.a" -o -f "$i/libidn.dll.a" -o -f "$i/libidn.la" ]; then
@ -318,7 +363,7 @@ if [ "X" = "X$IDN_PATH" -o "X" = "X$IDN_IPATH" ]; then
    PR29_IPATH=""
 fi

-echo "Checking for curses (libcurses.so / term.h) ..."
+echo "Checking for curses (libcurses/term.h) ..."
 for i in $LIBDIRS; do
    if [ "X" = "X$CURSES_PATH" ]; then
        if [ -f "$i/libcurses.so" -o -f "$i/libcurses.dylib" -o -f "$i/libcurses.a"   ]; then
@ -361,21 +406,21 @@ if [ "X" = "X$CURSES_PATH" -o "X" = "X$CURSES_IPATH" ]; then
    CURSES_IPATH=""
 fi

-echo "Checking for pcre (libpcre.so, pcre.h) ..."
+echo "Checking for pcre2 (libpcre/pcre.h) ..."
 for i in $LIBDIRS ; do
    if [ "X" = "X$PCRE_PATH" ]; then
-        if [ -f "$i/libpcre.so" -o -f "$i/libpcre.dylib" -o -f "$i/libpcre.a"   ]; then
+        if [ -f "$i/libpcre2-8.so" -o -f "$i/libpcre2-8.dylib" -o -f "$i/libpcre2-8.a"   ]; then
            PCRE_PATH="$i"
        fi
    fi
    if [ "X" = "X$PCRE_PATH" ]; then
-        TMP_LIB=`/bin/ls $i/libpcre.so* 2> /dev/null | grep libpcre.`
+        TMP_LIB=`/bin/ls $i/libpcre2*.so* 2> /dev/null | grep libpcre.`
        if [ -n "$TMP_LIB" ]; then
          PCRE_PATH="$i"
        fi
    fi
    if [ "X" = "X$PCRE_PATH" ]; then
-        TMP_LIB=`/bin/ls $i/libpcre.dll* 2> /dev/null | grep libpcre.`
+        TMP_LIB=`/bin/ls $i/libpcre2*.dll* 2> /dev/null | grep libpcre.`
        if [ -n "$TMP_LIB" ]; then
          PCRE_PATH="$i"
        fi
@ -383,14 +428,14 @@ for i in $LIBDIRS ; do
 done
 for i in $INCDIRS ; do
    if [ "X" != "X$PCRE_PATH" ]; then
-        if [ -f "$i/pcre.h" ]; then
+        if [ -f "$i/pcre2.h" ]; then
            PCRE_IPATH="$i"
        fi
    fi
 done
 if [ "X" != "X$DEBUG" ]; then
   echo DEBUG: PCRE_PATH=$PCRE_PATH/libpcre
-   echo DEBUG: PCRE_IPATH=$PCRE_IPATH/pcre.h
+   echo DEBUG: PCRE_IPATH=$PCRE_IPATH/pcre2.h
 fi
 if [ -n "$PCRE_PATH" -a -n "$PCRE_IPATH" ]; then
    echo "                                    ... found"
@ -401,7 +446,7 @@ if [ "X" = "X$PCRE_PATH" -o "X" = "X$PCRE_IPATH" ]; then
    PCRE_IPATH=""
 fi

-echo "Checking for Postgres (libpq.so, libpq-fe.h) ..."
+echo "Checking for Postgres (libpq/libpq-fe.h) ..."
 #if [ "$SYSO" = "Cygwin" ]; then
 #    echo "                                             ... DISABLED - postgres is buggy in Cygwin at the moment"
 #    POSTGRES_PATH=""
@ -428,7 +473,7 @@ echo "Checking for Postgres (libpq.so, libpq-fe.h) ..."
  done
  POSTGRES_IPATH=
  for i in $INCDIRS \
-    /opt/p*sql*/include /usr/*p*sql*/include /usr/local/*psql*/include
+    /opt/p*sql*/include /usr/*p*sql*/include /usr/local/*psql*/include /mingw64/include
  do
    if [ "X" = "X$POSTGRES_IPATH" ]; then
        if [ -f "$i/libpq-fe.h" ]; then
@ -457,7 +502,7 @@ fi
  fi
 #fi

-echo "Checking for SVN (libsvn_client-1 libapr-1.so libaprutil-1.so) ..."
+echo "Checking for SVN (libsvn_client-1/libapr-1/libaprutil-1) ..."
 for i in $LIBDIRS ; do
    if [ "X" = "X$SVN_PATH" ]; then
        if [ -f "$i/libsvn_client-1.so" ]; then
@ -557,6 +602,10 @@ for i in $INCDIRS ; do
        fi
    fi  
 done
+SYS_PARAM=""
+if [ -f "$SDK_PATH/usr/include/sys/param.h" ]; then
+  SYS_PARAM=-DHAVE_SYS_PARAM_H
+fi
 if [ "X" != "X$DEBUG" ]; then
   echo DEBUG: SVN_PATH=$SVN_PATH/libsvn_client-1
   echo DEBUG: APR_PATH=$APR_PATH/libapr
@ -583,7 +632,7 @@ if [ "X" = "X$SVN_PATH" -o "X" = "X$APR_PATH" ]; then
    echo "                                                         ... NOT found, module svn disabled"
 fi

-echo "Checking for firebird (libfbclient.so) ..."
+echo "Checking for firebird (libfbclient) ..."
 for i in $LIBDIRS ; do
    if [ "X" = "X$FIREBIRD_PATH" ]; then
        if [ -f "$i/libfbclient.so" -o -f "$i/libfbclient.dylib" -o -f "$i/libfbclient.a" ]; then
@ -608,6 +657,9 @@ for i in $INCDIRS ; do
        if [ -f "$i/ibase.h" ]; then
            FIREBIRD_IPATH="$i"
        fi
+        if [ -f "$i/firebird/ibase.h" ]; then
+            FIREBIRD_IPATH="$i/firebird"
+        fi
    fi
 done
 if [ "X" != "X$DEBUG" ]; then
@ -623,7 +675,7 @@ if [ "X" = "X$FIREBIRD_PATH" -o "X" = "X$FIREBIRD_IPATH" ]; then
    FIREBIRD_IPATH=""
 fi

-echo "Checking for MYSQL client (libmysqlclient.so, math.h) ..."
+echo "Checking for MYSQL client (libmysqlclient/math.h) ..."
 for i in $LIBDIRS ; do
    if [ "X" = "X$MYSQL_PATH" ]; then
        if [ -f "$i/libmysqlclient.so" -o -f "$i/libmysqlclient.dylib" -o -f "$i/libmysqlclient.a" ]; then
@ -672,7 +724,7 @@ if [ -f "$SDK_PATH/usr/include/math.h" ]; then
 else
      echo "                                       ... math.h not found, module Mysql disabled"
 fi
-echo "Checking for AFP (libafpclient.so) ..."
+echo "Checking for AFP (libafpclient) ..."
 for i in $LIBDIRS ; do
    if [ "X" = "X$AFP_PATH" ]; then
        if [ -f "$i/libafpclient.so" -o -f "$i/libafpclient.so" -o -f "$i/libafpclient.a"   ]; then
@ -712,7 +764,7 @@ if [ "X" = "X$AFP_PATH" -o "X" = "X$AFP_IPATH" ]; then
    AFP_IPATH=""
 fi

-echo "Checking for NCP (libncp.so / nwcalls.h) ..."
+echo "Checking for NCP (libncp/nwcalls.h) ..."
 for i in $LIBDIRS ; do
    if [ "X" = "X$NCP_PATH" ]; then
        if [ -f "$i/libncp.so" -o -f "$i/libncp.dylib" -o -f "$i/libncp.a"  ]; then
@ -842,7 +894,7 @@ if [ "$SSH_IPATH" = "/usr/include" ]; then
    SSH_IPATH=""
 fi

-echo "Checking for Oracle (libocci.so libclntsh.so / oci.h and libaio.so) ..."
+echo "Checking for Oracle (libocci/libclntsh/oci.h/libaio/liboci) ..."
 #assume if we find oci.h other headers should also be in that dir
 #for libs we will test the 2
 if [ "X" != "X$WORACLE_PATH" ]; then
@ -872,6 +924,11 @@ for i in $LIBDIRS ; do
            ORACLE_PATH="$i"
        fi
    fi
+    if [ "X" = "X$ORACLE_PATH" ]; then
+        if [ -f "$i/liboci.a" -a -f "$i/oci.dll" ]; then
+            ORACLE_PATH="$i"
+        fi
+    fi
    if [ "X" = "X$ORACLE_PATH" ]; then
        TMP_LIB=`/bin/ls $i/libocci.so.* 2> /dev/null | grep occi.`
        if [ -n "$TMP_LIB" ]; then
@ -885,23 +942,17 @@ for i in $LIBDIRS ; do
        fi
    fi
    if [ "X" = "X$ORACLE_PATH" ]; then
-        TMP_LIB=`/bin/ls $i/libocci.dll* 2> /dev/null | grep occi.`
+        TMP_LIB=`/bin/ls $i/oci.dll* 2> /dev/null | grep occi.`
        if [ -n "$TMP_LIB" ]; then
            ORACLE_PATH="$i"
        fi
-        if [ "X" != "X$ORACLE_PATH" ]; then
-          TMP_LIB=`/bin/ls $i/libclntsh.dll* 2> /dev/null | grep clntsh.`
-          if [ -z "$TMP_LIB" ]; then
-            ORACLE_PATH=""
-          fi
-        fi
    fi
 done
 if [ "X" != "X$DEBUG" ]; then
   echo DEBUG: ORACLE_PATH=$ORACLE_PATH/libocci
 fi
-#check for Kernel Asynchronous I/O (AIO) lib support
-if [ "X" != "X$ORACLE_PATH" ]; then
+#check for Kernel Asynchronous I/O (AIO) lib support, no need on Cygwin
+if [ "X" != "X$ORACLE_PATH" -a "$SYSO" != "Cygwin" ]; then
  LIBAIO=""
  for i in $LIBDIRS ; do
     if [ "X" = "X$LIBAIO" ]; then
@ -929,11 +980,9 @@ if [ "X" != "X$DEBUG" ]; then
 fi

 for i in $INCDIRS ; do
-    if [ "X" != "X$ORACLE_PATH" ]; then
    if [ -f "$i/oci.h" ]; then
        ORACLE_IPATH="$i"
    fi
-    fi
 done
 if [ "X" != "X$DEBUG" ]; then
   echo DEBUG: ORACLE_IPATH=$ORACLE_IPATH/oci.h
@ -943,12 +992,12 @@ if [ -n "$ORACLE_PATH" -a -n "$ORACLE_IPATH" ]; then
 fi
 if [ "X" = "X$ORACLE_PATH" -o "X" = "X$ORACLE_IPATH" ]; then
    echo "                                                            ... NOT found, module Oracle disabled"
-    echo "Get basic and sdk package from http://www.oracle.com/technetwork/database/features/instant-client/index.html"
+    echo "Get basic and sdk package from https://www.oracle.com/database/technologies/instant-client/downloads.html"
    ORACLE_PATH=""
    ORACLE_IPATH=""
 fi

-echo "Checking for Memcached (libmemcached.so, memcached.h) ..."
+echo "Checking for Memcached (libmemcached/memcached.h) ..."

  for i in $LIBDIRS ; do
    if [ "X" = "X$MCACHED_PATH" ]; then
@ -975,11 +1024,9 @@ echo "Checking for Memcached (libmemcached.so, memcached.h) ..."
    if [ "X" = "X$MCACHED_IPATH" ]; then
        if [ -f "$i/memcached.h" ]; then
            MCACHED_IPATH="$i"
-        fi
-        if [ -f "$i/libmemcached/memcached.h" ]; then
+        elif [ -f "$i/libmemcached/memcached.h" ]; then
            MCACHED_IPATH="$i/libmemcached"
-        fi
-        if [ -f "$i/libmemcached-1.0/memcached.h" ]; then
+        elif [ -f "$i/libmemcached-1.0/memcached.h" ]; then
            MCACHED_IPATH="$i/libmemcached-1.0"
        fi
    fi
@ -998,12 +1045,84 @@ fi
    MCACHED_IPATH=""
  fi

+echo "Checking for Freerdp3 (libfreerdp3/freerdp.h/libwinpr3/winpr.h) ..."

-echo "Checking for Freerdp2 (libfreerdp2.so, freerdp/*.h, libwinpr2.so, winpr/*.h) ..."
+  for i in $LIBDIRS ; do
+    if [ "X" = "X$FREERDP3_PATH" ]; then
+        if [ -f "$i/libfreerdp3.so" -o -f "$i/libfreerdp3.dylib" -o -f "$i/libfreerdp3.a" -o -f "$i/libfreerdp3.dll.a" ]; then
+            FREERDP3_PATH="$i"
+        fi
+    fi
+    if [ "X" = "X$FREERDP3_PATH" ]; then
+        TMP_LIB=`/bin/ls $i/libfreerdp3*.so* 2> /dev/null | grep libfreerdp3`
+        if [ -n "$TMP_LIB" ]; then
+          FREERDP3_PATH="$i"
+        fi
+    fi
+  done
+
+  FREERDP3_IPATH=
+  for i in $INCDIRS ; do
+    if [ "X" = "X$FREERDP3_IPATH" ]; then
+        if [ -f "$i/freerdp/freerdp.h" ]; then
+            FREERDP3_IPATH="$i/freerdp3"
+        fi
+        if [ -f "$i/freerdp3/freerdp/freerdp.h" ]; then
+            FREERDP3_IPATH="$i/freerdp3"
+        fi
+    fi
+  done
+
+ for i in $LIBDIRS ; do
+    if [ "X" = "X$WINPR3_PATH" ]; then
+        if [ -f "$i/libwinpr3.so" -o -f "$i/libwinpr3.dylib" -o -f "$i/libwinpr3.a" ]; then
+            WINPR3_PATH="$i"
+        fi
+    fi
+    if [ "X" = "X$WINPR3_PATH" ]; then
+        TMP_LIB=`/bin/ls $i/libwinpr3.dll.a 2> /dev/null | grep winpr`
+        if [ -n "$TMP_LIB" ]; then
+          WINPR3_PATH="$i"
+        fi
+    fi
+  done
+
+  WINPR3_IPATH=
+  for i in $INCDIRS ; do
+    if [ "X" = "X$WINPR3_IPATH" ]; then
+        if [ -f "$i/winpr.h" ]; then
+            WINPR3_IPATH="$i"
+        fi
+        if [ -f "$i/winpr3/winpr/winpr.h" ]; then
+            WINPR3_IPATH="$i/winpr3"
+        fi
+    fi
+  done
+
+  if [ "X" != "X$DEBUG" ]; then
+    echo DEBUG: FREERDP3_PATH=$FREERDP3_PATH/
+    echo DEBUG: FREERDP3_IPATH=$FREERDP3_IPATH/
+    echo DEBUG: WINPR3_PATH=$WINPR3_PATH/
+    echo DEBUG: WINPR3_IPATH=$WINPR3_IPATH/
+  fi
+
+  if [ -n "$FREERDP3_PATH" -a -n "$FREERDP3_IPATH" -a -n "$WINPR3_PATH" -a -n "$WINPR3_IPATH" ]; then
+    echo "                                                                ... found"
+  fi
+  if [ "X" = "X$FREERDP3_PATH" -o "X" = "X$FREERDP3_IPATH" -o "X" = "X$WINPR3_PATH" -o "X" = "X$WINPR3_IPATH" ]; then
+    echo "                                                                ... NOT found, checking for freerdp2 module next..."
+    FREERDP3_PATH=""
+    FREERDP3_IPATH=""
+    WINPR3_PATH=""
+    WINPR3_IPATH=""
+  fi
+
+  if [ "X" = "X$FREERDP3_PATH" -o "X" = "X$FREERDP3_IPATH" -o "X" = "X$WINPR3_PATH" -o "X" = "X$WINPR3_IPATH" ]; then
+    echo "Checking for Freerdp2 (libfreerdp2/freerdp.h/libwinpr2/winpr.h) ..."

    for i in $LIBDIRS ; do
        if [ "X" = "X$FREERDP2_PATH" ]; then
-        if [ -f "$i/libfreerdp2.so" -o -f "$i/libfreerdp2.dylib" -o -f "$i/libfreerdp2.a" ]; then
+            if [ -f "$i/libfreerdp2.so" -o -f "$i/libfreerdp2.dylib" -o -f "$i/libfreerdp2.a" -o -f "$i/libfreerdp2.dll.a" ]; then
                FREERDP2_PATH="$i"
            fi
        fi
@ -1034,7 +1153,7 @@ echo "Checking for Freerdp2 (libfreerdp2.so, freerdp/*.h, libwinpr2.so, winpr/*.
            fi
        fi
        if [ "X" = "X$WINPR2_PATH" ]; then
-        TMP_LIB=`/bin/ls $i/winpr.dll* 2> /dev/null | grep winpr`
+            TMP_LIB=`/bin/ls $i/libwinpr2.dll.a 2> /dev/null | grep winpr`
            if [ -n "$TMP_LIB" ]; then
            WINPR2_PATH="$i"
            fi
@ -1070,8 +1189,9 @@ fi
        WINPR2_PATH=""
        WINPR2_IPATH=""
    fi
+fi

-echo "Checking for Mongodb (libmongoc-1.0.so, mongoc.h, libbson-1.0.so, bson.h) ..."
+echo "Checking for Mongodb (libmongoc-1.0/mongoc.h/libbson-1.0/bson.h) ..."

  for i in $LIBDIRS ; do
    if [ "X" = "X$MONGODB_PATH" ]; then
@ -1161,11 +1281,59 @@ fi
    BSON_IPATH=""
  fi

+echo "Checking for smbclient (libsmbclient/libsmbclient.h) ..."
+
+  for i in $LIBDIRS ; do
+    if [ "X" = "X$SMBC_PATH" ]; then
+        if [ -f "$i/libsmbclient.so" -o -f "$i/libsmbclient.dylib" -o -f "$i/libsmbclient.a" ]; then
+            SMBC_PATH="$i"
+        fi
+    fi
+    if [ "X" = "X$SMBC_PATH" ]; then
+        TMP_LIB=`/bin/ls $i/libsmbclient.so* 2> /dev/null | grep smbclient`
+        if [ -n "$TMP_LIB" ]; then
+          SMBC_PATH="$i"
+        fi
+    fi
+    if [ "X" = "X$SMBC_PATH" ]; then
+        TMP_LIB=`/bin/ls $i/libsmbclient.dll* 2> /dev/null | grep smbclient`
+        if [ -n "$TMP_LIB" ]; then
+          SMBC_PATH="$i"
+        fi
+    fi
+  done
+
+  SMBC_IPATH=
+  for i in $INCDIRS ; do
+    if [ "X" = "X$SMBC_IPATH" ]; then
+        if [ -f "$i/libsmbclient.h" ]; then
+            SMBC_IPATH="$i"
+        fi
+        if [ -f "$i/samba-4.0/libsmbclient.h" ]; then
+            SMBC_IPATH="$i/samba-4.0"
+        fi
+    fi
+  done
+
+  if [ "X" != "X$DEBUG" ]; then
+     echo DEBUG: SMBC_PATH=$SMBC_PATH/libsmbclient
+     echo DEBUG: SMBC_IPATH=$SMBC_IPATH/libsmbclient.h
+  fi
+  if [ -n "$SMBC_PATH" -a -n "$SMBC_IPATH" ]; then
+    echo "                                                     ... found"
+  fi
+  if [ "X" = "X$SMBC_PATH" -o "X" = "X$SMBC_IPATH" ]; then
+    echo "                                                     ... NOT found, module smb2 disabled"
+    SMBC_PATH=""
+    SMBC_IPATH=""
+  fi
+
+
 if [ "X" = "X$XHYDRA_SUPPORT" ]; then
-    echo "Checking for GUI req's (pkg-config, gtk+-2.0) ..."
-  XHYDRA_SUPPORT=`pkg-config --help > /dev/null 2>&1 || echo disabled`
+    echo "Checking for GUI req's (pkg-config/gtk+-2.0) ..."
+  XHYDRA_SUPPORT=`$PKG_CONFIG --help > /dev/null 2>&1 || echo disabled`
  if [ "X" = "X$XHYDRA_SUPPORT" ]; then
-     XHYDRA_SUPPORT=`pkg-config --modversion gtk+-2.0 2> /dev/null`
+     XHYDRA_SUPPORT=`$PKG_CONFIG --modversion gtk+-2.0 2> /dev/null`
  else
     XHYDRA_SUPPORT=""
  fi
@ -1214,10 +1382,14 @@ echo "Checking for Android specialities ..."
 TMPC=comptest$$
 STRRCHR=" not"
 echo '#include <stdio.h>' > $TMPC.c
-echo '#include <strings.h>' >> $TMPC.c
+echo '#include <string.h>' >> $TMPC.c
 echo "int main() { char *x = strrchr(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c
 $CC -o $TMPC $TMPC.c > /dev/null 2>&1
 test -x $TMPC && STRRCHR=""
+rm -f $TMPC
+$CC -o $TMPC -Wl,--allow-multiple-definition $TMPC.c > /dev/null 2>&1
+WALLOW="no"
+test -x $TMPC && WALLOW="yes"
 rm -f $TMPC $TMPC.c
 echo "                                  ... strrchr()$STRRCHR found"
 if [ -n "$CRYPTO_PATH" ]; then
@ -1248,15 +1420,53 @@ rm -f $TMPC $TMPC.c $TMPC.c.err
 echo "                                                  Compiling... $GCCSEC"
 echo "                                                  Linking... $LDSEC"

+echo "Checking for --allow-multiple-definition linker option ... $WALLOW"
+if [ "$WALLOW" = "yes" ]; then
+  GCCSECOPT="$GCCSECOPT -Wl,--allow-multiple-definition"
+fi
+
 echo
 XDEFINES=""
 XLIBS=""
 XLIBPATHS=""
 XIPATHS=""

-if [ -n "$FIREBIRD_PATH" -o -n "$PCRE_PATH" -o -n "$IDN_PATH" -o -n "$SSL_PATH" -o -n "$CRYPTO_PATH" -o -n "$NSL_PATH" -o -n "$SOCKET_PATH" -o -n "$RESOLV_PATH" -o -n "$SAPR3_PATH" -o -n "$SSH_PATH" -o -n "$POSTGRES_PATH" -o -n "$SVN_PATH" -o -n "$NCP_PATH" -o -n "$CURSES_PATH" -o -n "$ORACLE_PATH" -o -n "$AFP_PATH" -o -n "$MYSQL_PATH" -o -n "$MCACHED_PATH" -o -n "$MONGOD_PATH" -o -n "$FREERDP2_PATH" -o -n "$WINPR2_PATH" ]; then
+if [ -n "$FIREBIRD_PATH" -o \
+        -n "$PCRE_PATH" -o \
+        -n "$IDN_PATH" -o \
+        -n "$SSL_PATH" -o \
+        -n "$CRYPTO_PATH" -o \
+        -n "$NSL_PATH" -o \
+        -n "$SOCKET_PATH" -o \
+        -n "$RESOLV_PATH" -o \
+        -n "$SAPR3_PATH" -o \
+        -n "$SSH_PATH" -o \
+        -n "$POSTGRES_PATH" -o \
+        -n "$SVN_PATH" -o \
+        -n "$NCP_PATH" -o \
+        -n "$CURSES_PATH" -o \
+        -n "$ORACLE_PATH" -o \
+        -n "$AFP_PATH" -o \
+        -n "$MYSQL_PATH" -o \
+        -n "$MCACHED_PATH" -o \
+        -n "$MONGOD_PATH" -o \
+        -n "$FREERDP2_PATH" -o \
+        -n "$WINPR2_PATH" -o \
+        -n "$FREERDP3_PATH" -o \
+        -n "$WINPR3_PATH" -o \
+        -n "$SMBC_PATH" \
+   ]; then
+    if [ "$SYSS" = "Darwin" -a ! -d "/lib" ]; then
+        #for libraries installed with MacPorts
+        if [ -d "/opt/local/lib" ]; then
+            XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/opt/local/lib"
+        else
+            XLIBPATHS="-L/usr/lib -L/usr/local/lib"
+        fi
+    else
        XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/lib"
    fi
+fi
 if [ -n "$MYSQL_IPATH" ]; then
    XIPATHS="$XIPATHS -I$MYSQL_IPATH"
    if [ -n "$MYSQLINSUBDIR" ]; then
@ -1312,6 +1522,12 @@ fi
 if [ -n "$RSA" ]; then
    XDEFINES="$XDEFINES -DNO_RSA_LEGACY"
 fi
+if [ -n "$HAVE_SYBDB" ]; then
+    XDEFINES="$XDEFINES -DHAVE_SYBDB"
+fi
+if [ -n "$HAVE_SYBFRONT" ]; then
+    XDEFINES="$XDEFINES -DHAVE_SYBFRONT"
+fi
 if [ -n "$HAVE_ZLIB" ]; then
    XDEFINES="$XDEFINES -DHAVE_ZLIB"
 fi
@ -1328,14 +1544,48 @@ if [ -n "$BSON_PATH" ]; then
    XDEFINES="$XDEFINES -DLIBBSON"
 fi
 if [ -n "$FREERDP2_PATH" ]; then
-    XDEFINES="$XDEFINES -DLIBFREERDP2"
+    XDEFINES="$XDEFINES -DLIBFREERDP"
 fi
 if [ -n "$WINPR2_PATH" ]; then
    XDEFINES="$XDEFINES -DLIBWINPR2"
 fi
+if [ -n "$FREERDP3_PATH" ]; then
+    XDEFINES="$XDEFINES -DLIBFREERDP"
+fi
+if [ -n "$WINPR3_PATH" ]; then
+    XDEFINES="$XDEFINES -DLIBWINPR3"
+fi
+if [ -n "$SMBC_PATH" ]; then
+    XDEFINES="$XDEFINES -DLIBSMBCLIENT"
+fi

 OLDPATH=""
-for i in $SSL_PATH $FIREBIRD_PATH $WORACLE_LIB_PATH $PCRE_PATH $IDN_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $SAPR3_PATH $POSTGRES_PATH $SVN_PATH $NCP_PATH $CURSES_PATH $ORACLE_PATH $AFP_PATH $MYSQL_PATH $MCACHED_PATH $MONGODB_PATH $BSON_PATH $FREERDP2_PATH $WINPR2_PATH; do
+for i in $SSL_PATH \
+             $FIREBIRD_PATH \
+             $WORACLE_LIB_PATH \
+             $PCRE_PATH \
+             $IDN_PATH \
+             $CRYPTO_PATH \
+             $SSH_PATH \
+             $NSL_PATH \
+             $SOCKET_PATH \
+             $RESOLV_PATH \
+             $SAPR3_PATH \
+             $POSTGRES_PATH \
+             $SVN_PATH \
+             $NCP_PATH \
+             $CURSES_PATH \
+             $ORACLE_PATH \
+             $AFP_PATH \
+             $MYSQL_PATH \
+             $MCACHED_PATH \
+             $MONGODB_PATH \
+             $BSON_PATH \
+             $FREERDP2_PATH \
+             $WINPR2_PATH \
+             $FREERDP3_PATH \
+             $WINPR3_PATH \
+             $SMBC_PATH; do
    if [ "$OLDPATH" = "$i" ]; then
      OLDPATH="$i"
    else
@ -1397,12 +1647,21 @@ fi
 if [ -n "$FREERDP2_IPATH" ]; then
    XIPATHS="$XIPATHS -I$FREERDP2_IPATH -I$WINPR2_IPATH"
 fi
+if [ -n "$FREERDP3_IPATH" ]; then
+    XIPATHS="$XIPATHS -I$FREERDP3_IPATH -I$WINPR3_IPATH"
+fi
+if [ -n "$SMBC_IPATH" ]; then
+    XIPATHS="$XIPATHS -I$SMBC_IPATH"
+fi
 if [ -n "$HAVE_GCRYPT" ]; then
    XLIBS="$XLIBS -lgcrypt"
 fi
 if [ -n "$HAVE_ZLIB" ]; then
    XLIBS="$XLIBS -lz"
 fi
+if [ -n "$HAVE_SYBDB" ]; then
+    XLIBS="$XLIBS -lsybdb"
+fi
 if [ -n "$CURSES_PATH" ]; then
    XLIBS="$XLIBS -lcurses"
 fi
@ -1412,9 +1671,12 @@ fi
 if [ -n "$NCP_PATH" ]; then
    XLIBS="$XLIBS -lncp"
 fi
-if [ -n "$ORACLE_PATH" ]; then
+if [ -n "$ORACLE_PATH" -a "$SYSO" != "Cygwin" ]; then
    XLIBS="$XLIBS -locci -lclntsh"
 fi
+if [ -n "$ORACLE_PATH" -a "$SYSO" = "Cygwin" ]; then
+    XLIBS="$XLIBS -loci"
+fi
 if [ -n "$FIREBIRD_PATH" ]; then
    XLIBS="$XLIBS -lfbclient"
 fi
@ -1422,7 +1684,7 @@ if [ -n "$IDN_PATH" ]; then
    XLIBS="$XLIBS -lidn"
 fi
 if [ -n "$PCRE_PATH" ]; then
-    XLIBS="$XLIBS -lpcre"
+    XLIBS="$XLIBS -lpcre2-8"
 fi
 if [ -n "$MYSQL_PATH" ]; then
    XLIBS="$XLIBS -lmysqlclient"
@ -1475,6 +1737,15 @@ fi
 if [ -n "$WINPR2_PATH" ]; then
    XLIBS="$XLIBS -lwinpr2"
 fi
+if [ -n "$FREERDP3_PATH" ]; then
+    XLIBS="$XLIBS -lfreerdp3"
+fi
+if [ -n "$WINPR3_PATH" ]; then
+    XLIBS="$XLIBS -lwinpr3"
+fi
+if [ -n "$SMBC_PATH" ]; then
+    XLIBS="$XLIBS -lsmbclient"
+fi
 if [ -d /usr/kerberos/include ]; then
  XIPATHS="$XIPATHS -I/usr/kerberos/include"
 fi
@ -1501,7 +1772,7 @@ else
 fi

 if [ "X" != "X$DEBUG" ]; then
-   echo DEBUG: XDEFINES=$XDEFINES $MATH
+   echo DEBUG: XDEFINES=$XDEFINES $MATH $SYS_PARAM
   echo DEBUG: XLIBS=$XLIBS
   echo DEBUG: XLIBPATHS=$XLIBPATHS
   echo DEBUG: XIPATHS=$XIPATHS
@ -1519,7 +1790,7 @@ if [ "X" != "X$FHS" ]; then
  echo "MANDIR = /share/man/man1" >> Makefile.in
  echo "DATADIR = /share/hydra" >> Makefile.in
 fi
-echo "XDEFINES=$XDEFINES $MATH" >> Makefile.in
+echo "XDEFINES=$XDEFINES $MATH $SYS_PARAM" >> Makefile.in
 echo "XLIBS=$XLIBS" >> Makefile.in
 echo "XLIBPATHS=$XLIBPATHS" >> Makefile.in
 echo "XIPATHS=$XIPATHS" >> Makefile.in
@ -1534,9 +1805,9 @@ cat Makefile.in >> Makefile
 # ignore errors if this uname call fails
 ### Current Cygwin is up to speed :-)
 WINDRES=""
-if [ "$SYSO" = "Cygwin" ]; then
+if [ "$SYSO" = "Cygwin" -o "$SYSO" = "Msys" ]; then
    echo
-    echo "Cygwin detected, if compilation fails just update your installation."
+    echo "Cygwin/MSYS2 detected, if compilation fails just update your installation."
    echo
    WINDRES=`which windres`
    test -x "$WINDRES" && {
@ -1557,7 +1828,7 @@ if [ "x$WINDRES" = "x" ]; then
  echo HYDRA_LOGO= >> Makefile
  echo PWI_LOGO= >> Makefile
 fi
-if [ "$GCCSEC" = "yes" ] && [ "$SYSS" != "SunOS" ]; then
+if [ "$GCCSEC" = "yes" -a "$SYSS" != "SunOS" -a "$SYSS" != "Darwin" ]; then
  echo "SEC=$GCCSECOPT" >> Makefile
 else
  echo "SEC=" >> Makefile
--- a/crc32.c
+++ b/crc32.c
@ -49,51 +49,13 @@
 #include <stdint.h>
 #endif

-uint32_t crc32_tab[] = {
-  0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
-  0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
-  0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
-  0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
-  0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
-  0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
-  0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
-  0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
-  0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
-  0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
-  0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
-  0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
-  0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
-  0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
-  0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
-  0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
-  0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
-  0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
-  0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,
-  0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
-  0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,
-  0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
-  0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,
-  0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
-  0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
-  0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
-  0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,
-  0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
-  0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,
-  0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
-  0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,
-  0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
-  0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,
-  0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
-  0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
-  0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
-  0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
-  0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
-  0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,
-  0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
-  0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,
-  0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
-  0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
-};
+uint32_t crc32_tab[] = {0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, 0x3c03e4d1,
+                        0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934,
+                        0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5, 0xaa0a4c5f,
+                        0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe,
+                        0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe,
+                        0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
+                        0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d};

 #ifndef HAVE_ZLIB

--- a/d3des.c
+++ b/d3des.c
@ -48,38 +48,17 @@ static unsigned long KnL[32] = { 0L };
        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 };
 */

-static unsigned short bytebit[8] = {
-  01, 02, 04, 010, 020, 040, 0100, 0200
-};
+static unsigned short bytebit[8] = {01, 02, 04, 010, 020, 040, 0100, 0200};

-static unsigned long bigbyte[24] = {
-  0x800000L, 0x400000L, 0x200000L, 0x100000L,
-  0x80000L, 0x40000L, 0x20000L, 0x10000L,
-  0x8000L, 0x4000L, 0x2000L, 0x1000L,
-  0x800L, 0x400L, 0x200L, 0x100L,
-  0x80L, 0x40L, 0x20L, 0x10L,
-  0x8L, 0x4L, 0x2L, 0x1L
-};
+static unsigned long bigbyte[24] = {0x800000L, 0x400000L, 0x200000L, 0x100000L, 0x80000L, 0x40000L, 0x20000L, 0x10000L, 0x8000L, 0x4000L, 0x2000L, 0x1000L, 0x800L, 0x400L, 0x200L, 0x100L, 0x80L, 0x40L, 0x20L, 0x10L, 0x8L, 0x4L, 0x2L, 0x1L};

 /* Use the key schedule specified in the Standard (ANSI X3.92-1981). */

-static unsigned char pc1[56] = {
-  56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17,
-  9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35,
-  62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21,
-  13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3
-};
+static unsigned char pc1[56] = {56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3};

-static unsigned char totrot[16] = {
-  1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28
-};
+static unsigned char totrot[16] = {1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28};

-static unsigned char pc2[48] = {
-  13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9,
-  22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1,
-  40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47,
-  43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31
-};
+static unsigned char pc2[48] = {13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31};

 void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */
    unsigned char *key;
@ -126,8 +105,7 @@ void deskey(key, edf)           /* Thanks to James Gillogly & Phil Karn! */
  return;
 }

-static void cookey(raw1)
-     register unsigned long *raw1;
+static void cookey(raw1) register unsigned long *raw1;
 {
  register unsigned long *cook, *raw0;
  unsigned long dough[32];
@ -149,8 +127,7 @@ static void cookey(raw1)
  return;
 }

-void cpkey(into)
-     register unsigned long *into;
+void cpkey(into) register unsigned long *into;
 {
  register unsigned long *from, *endp;

@ -160,8 +137,7 @@ void cpkey(into)
  return;
 }

-void usekey(from)
-     register unsigned long *from;
+void usekey(from) register unsigned long *from;
 {
  register unsigned long *to, *endp;

@ -180,8 +156,7 @@ void des(unsigned char *inblock, unsigned char *outblock) {
  return;
 }

-static void scrunch(outof, into)
-     register unsigned char *outof;
+static void scrunch(outof, into) register unsigned char *outof;
 register unsigned long *into;
 {
  *into = (*outof++ & 0xffL) << 24;
@ -195,8 +170,7 @@ static void scrunch(outof, into)
  return;
 }

-static void unscrun(outof, into)
-     register unsigned long *outof;
+static void unscrun(outof, into) register unsigned long *outof;
 register unsigned char *into;
 {
  *into++ = (*outof >> 24) & 0xffL;
@ -210,160 +184,31 @@ static void unscrun(outof, into)
  return;
 }

-static unsigned long SP1[64] = {
-  0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L,
-  0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L,
-  0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L,
-  0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L,
-  0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L,
-  0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L,
-  0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L,
-  0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L,
-  0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L,
-  0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L,
-  0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L,
-  0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L,
-  0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L,
-  0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L,
-  0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L,
-  0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L
-};
+static unsigned long SP1[64] = {0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L,
+                                0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L};

-static unsigned long SP2[64] = {
-  0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L,
-  0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L,
-  0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L,
-  0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L,
-  0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L,
-  0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L,
-  0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L,
-  0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L,
-  0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L,
-  0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L,
-  0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L,
-  0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L,
-  0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L,
-  0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L,
-  0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L,
-  0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L
-};
+static unsigned long SP2[64] = {0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L,
+                                0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L};

-static unsigned long SP3[64] = {
-  0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L,
-  0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L,
-  0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L,
-  0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L,
-  0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L,
-  0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L,
-  0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L,
-  0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L,
-  0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L,
-  0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L,
-  0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L,
-  0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L,
-  0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L,
-  0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L,
-  0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L,
-  0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L
-};
+static unsigned long SP3[64] = {0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L,
+                                0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L};

-static unsigned long SP4[64] = {
-  0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L,
-  0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L,
-  0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L,
-  0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L,
-  0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L,
-  0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L,
-  0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L,
-  0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L,
-  0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L,
-  0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L,
-  0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L,
-  0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L,
-  0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L,
-  0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L,
-  0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L,
-  0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L
-};
+static unsigned long SP4[64] = {0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L,
+                                0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L};

-static unsigned long SP5[64] = {
-  0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L,
-  0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L,
-  0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L,
-  0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L,
-  0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L,
-  0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L,
-  0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L,
-  0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L,
-  0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L,
-  0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L,
-  0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L,
-  0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L,
-  0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L,
-  0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L,
-  0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L,
-  0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L
-};
+static unsigned long SP5[64] = {0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L,
+                                0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L};

-static unsigned long SP6[64] = {
-  0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L,
-  0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L,
-  0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L,
-  0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L,
-  0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L,
-  0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L,
-  0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L,
-  0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L,
-  0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L,
-  0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L,
-  0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L,
-  0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L,
-  0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L,
-  0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L,
-  0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L,
-  0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L
-};
+static unsigned long SP6[64] = {0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L,
+                                0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L};

-static unsigned long SP7[64] = {
-  0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L,
-  0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L,
-  0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L,
-  0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L,
-  0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L,
-  0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L,
-  0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L,
-  0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L,
-  0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L,
-  0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L,
-  0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L,
-  0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L,
-  0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L,
-  0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L,
-  0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L,
-  0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L
-};
+static unsigned long SP7[64] = {0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L,
+                                0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L};

-static unsigned long SP8[64] = {
-  0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L,
-  0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L,
-  0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L,
-  0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L,
-  0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L,
-  0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L,
-  0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L,
-  0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L,
-  0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L,
-  0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L,
-  0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L,
-  0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L,
-  0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L,
-  0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L,
-  0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L,
-  0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L
-};
+static unsigned long SP8[64] = {0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L,
+                                0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L};

-static void desfunc(block, keys)
-     register unsigned long *block, *keys;
+static void desfunc(block, keys) register unsigned long *block, *keys;
 {
  register unsigned long fval, work, right, leftt;
  register int32_t round;
--- a/dpl4hydra_full.csv
+++ b/dpl4hydra_full.csv
@ -2417,8 +2417,6 @@ draytek,Vigor,all,HTTP,admin,admin,Admin,,
 dreambox,All models,all versions,http, telnet,root,dreambox,,
 dreambox,All models,all versions,http,telnet,root,dreambox,gives access to a busybox allowing to control the box using basic unix commands embedded into busybox,
 drupal.org,Drupal,,administrator,admin,admin,,,
-ducati,Diavel motorcycles,,console,,last 4 digits of the motorcycle's VIN,Start and drive the motorcycle without a key,This is the ignition password - if you have one of these bikes change the password ASAP as you may be liable for any accident damage caused by the thief!,
-ducati,Diavel,,,,Last 4 digits of VIN,,,
 dupont,Digital Water Proofer,,,root,par0t,,,
 dynalink,RTA020,,,admin,private,,,
 dynalink,RTA020,,Admin,admin,private,,,
@ -3061,7 +3059,6 @@ hewlettpackard,Motive Chorus,,HTTP (port 5060),admin,isee,,,
 hewlettpackard,Officejet,all versions,http,admin,,admin,http interface,
 hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,,
 hewlettpackard,ProcCurve MSC-5100,,,admin,admin,,,
-hewlettpackard,Remote Insight Board,,,Administrator,The last eight digits of the serial number,,,
 hewlettpackard,StoreOnce,,,HPSupport,badg3r5,,,
 hewlettpackard,Vectra,,Console,,hewlpack,Admin,,
 hewlettpackard,iLo,,http,Admin,Admin,Admin,,
@ -3611,7 +3608,6 @@ iso sistemi,winwork,,Admin,,,,,
 iwill,PC BIOS,,,,iwill,,,
 iwill,PC BIOS,,Admin,,iwill,,,
 iwill,PC BIOS,,Console,,iwill,Admin,,
-jacksoncommunitycollege,My Network Services,,web,(first 7 letters of student's last name + first seven letters of first name + middle initial -- no spaces or punctuation),(First letter of first name Capitalized + First letter of last name in lowercase + day of birth {01-31} + birth year {2 digits} + last 4 digits of student ID),My Network Services access,,
 jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,,
 jamfsoftware,Casper Suite,,,jamfsoftware,jamfsw03,,,
 janitza,UMG 508,,,Homepage Password,0th,,,
@ -3786,7 +3782,6 @@ kyocera,FS3140MFP,,Web Interface,,admin00,Administrator,,
 kyocera,FS6025MFP,,system menus,Admin,Admin,Admin,,
 kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,,
 kyocera,KM-4850W,,,admin,,,,
-kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address,
 kyocera,TASKalfa 250 Ci,,,Admin,admin00,,if enable local authentification,
 kyocera,TASKalfa 250ci,,IP,,admin00,,,
 kyocera,TASKalfa 266ci,,Console Panel,Admin,Admin,Admin,,
@ -5188,82 +5183,42 @@ oce,tcs500, Windows XP, all models,12.3.0(1668),console, http://192.168.0.81,,
 oce,tcs500,Windows XP,all models,12.3.0(1668),console,http://192.168.0.81,,
 ods,1094 IS Chassis,,,ods,ods,,4.x,
 ods,1094,,,ods,ods,,,
-oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,,
-oki,B410,,http (dhcp),admin,last six charachter of mac address (upper case),,,
-oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,,
 oki,B411,all ver,Http or AdminManager,root,aaaaaa,Administrator,,
-oki,B420,,http (dhcp),admin,last six charachter of mac address (upper case),,,
-oki,B430,,http (dhcp),admin,last six charachter of mac address (upper case),,,
 oki,B431,all ver,Http or AdminManager,root,aaaaaa,Administrator,,
 oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,,
-oki,B43xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC),
 oki,B6100n,,,admin,OkiLAN,admin,with 61e(NIC),
 oki,B6200n,,,admin,OkiLAN,admin,with 62e(NIC),
-oki,B6300,,,root,last six charachter of mac address,root,,
 oki,B6300n,,,admin,OkiLAN,admin,with 62e(NIC),
-oki,B6500,,,root,(last 6 digits of MAC address),root,,
 oki,B710,all,http://192.168.1.33,root,aaaaaa,Administrator,,
 oki,B720,all,http://192.168.1.33,root,aaaaaa,Administrator,,
 oki,B720N,All versions,Web interface,root,aaaaaa,Root access,,
 oki,B730,all,http://192.168.1.33,root,aaaaaa,Administrator,,
 oki,B8300n,,,admin,OkiLAN,admin,with 83e(NIC),
-oki,B930n,,,root,(last 4 digits of MAC address),root,,
-oki,C3200n,,Web Interface - Device IP,root,last 6 of MAC Address - case sensitive,,,
 oki,C330,all versions etc.,http://192.168.0.1,root,aaaaaa,Admin,Administrator,
 oki,C3450,,http://192.168.1.50,admin,heslo,admin,,
-oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,,
-oki,C3450,,web,admin,last 6 digits of MAC code,Use uppercase letters,Administrator,
-oki,C3530,,console,admin,last 6 digits of MAC address,Admin,,
-oki,C380,,,admin,last 6 characters of the MAC ADRESS,,,
-oki,C51xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC),
 oki,C530dn,A1.02,http://192.168.1.51,root,aaaaaa,Admin,,
-oki,C53xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC),
-oki,C54xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC),
 oki,C5550 MFP,,http,,*blank*,Admin,,
-oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name,
 oki,C5650dn,,,,000000,menu,,
 oki,C5650n,,,,000000,menu,,
-oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models,
-oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,,
-oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,,
 oki,C6050dn,,,,000000,menu,,
 oki,C6050n,,,,000000,menu,,
 oki,C610,,,admin,aaaaaa,admin,,
-oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers.,
-oki,C6150,N1.01 Network Firmware 08.51,ZeroConFig Bonjour,root,last six characters of MAC address,Basic Setup,Printer ID,Protocol
 oki,C6150dn,,,,000000,menu,,
 oki,C6150dtn,,,,000000,menu,,
 oki,C6150hdn,,,,000000,menu,,
 oki,C6150n,,,,000000,menu,,
 oki,C7000,,,admin,OkiLAN,admin,with 6200e(NIC),
-oki,C7000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC),
-oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,,
 oki,C711,,Web,admin,aaaaaa,Admin access,,
-oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,,
-oki,C7300,A3.14,may apply to other versions,Multi,root,Last six digits of default device name,Give this a try if the last six digits of the MAC don't work. I believe alpha characters would be uppercased if there were any present.,
-oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,,
-oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,,
-oki,C810,,http://192.168.0.1,root,Last 6 characters (chars uppercased) from MAC Address,,,
-oki,C821,all version?,HTTP,root,last six charachter of mac address,Admin,,
-oki,C830,all,web,root,last 6 digits of the MAC address,,,
-oki,C8800,,Web or Console,root,Last six characters of MAC address,,,
 oki,C9000,,,admin,OkiLAN,admin,with 6200e(NIC),
-oki,C9000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC),
-oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,,
 oki,C9650,,,,0000,Print statistics,,
 oki,C9650,,,,aaaaaa,Administration,,
-oki,C9655,,HTTP,root,last 6 digits of MAC address,Administrator,,
 oki,C9655,,printer menu,,aaaaaa,printer menubutton,,
-oki,C9800,,,root,(last 6 digits of MAC address),,,
-oki,C9850,,,root,(last 6 digits of MAC address),,,
 oki,CX1145,,,,123456,,,
 oki,CX2032 MFP,,http,,*blank*,Admin,,
 oki,CX2033,,Printer Menu,,,,When asked for password just press OK,
 oki,CX2633,,Web interface,admin,aaaaaa,admin,,
 oki,CX2731,,Web interface,admin,aaaaaa,admin,,
-oki,CX3641,,,root,(last 6 digits of MAC address),,,
 oki,Color 8 +14ex,,,admin,OkiLAN,admin,with 6100e(NIC),
-oki,ES3640,,,root,(last 6 digits of MAC address),,,
 oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,,
 oki,ES7120,,Web,root,aaaaaa,Admin,,
 oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,,
@ -5275,7 +5230,6 @@ oki,MC160,,Op Panel,,000000,Admin,,
 oki,MC160,,Web,,sysAdmin,Admin,,
 oki,MC342w,,,admin,aaaaaa,admin,,
 oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,,
-oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,,
 oki,MC361,,Web interface,admin,aaaaaa,admin,,
 oki,MC560,,Printer Menu,,,,When asked for password just press OK,
 oki,MC560,,Printer Menu,,,,When asked for password,
@ -5285,19 +5239,10 @@ oki,MC860,,Web interface,admin,aaaaaa,admin,,
 oki,ML3xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC)
 oki,ML491n,,http://,Admin,OkiLAN,Admin,,
 oki,ML4xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC)
-oki,ML8810,,,root,(last 6 digits of MAC address),,,
 oki,N22113B,A2.00,http://192.168.1.9,,noe,Admin,,
 oki,WebTools,,,Administrator,,,,
 oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,,
-oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,,
-oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no,
 oki,c511dn,B7.00,,admin,aaaaaa,Full administrator Access,the machine picks up dhcp address,manually configure static on machine directly if required or print a config page to get the dhcp address that was assigned.
-oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,,
-oki,c5300,,Console,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",,
-oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No,
-oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",admin,
-oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No,
-oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,,
 oki,c5750,n1.02,http://192.168.0.200,,,,,
 oki,c810,1.0,192.100.185.78,admin,admin,admin,,
 olegkhabarov,Comfy CMS,,,username,password,,,
@ -10100,7 +10045,6 @@ telus,Telephony and internet services,,,(username),telus12,User,Initial password
 telus,Telephony and internet services,,,(username),telus13,User,Initial password if issued in 2013,
 telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999,
 tenda,W150M,,192.168.1.1,admin,admin,Admin,,
-teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,,
 terayon,,,,admin,nms,,6.29,
 terayon,,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html,
 terayon,TeraLink 1000 Controller,,,admin,password,,,
@ -10403,8 +10347,6 @@ unisys,ClearPath MCP,,Multi,ADMINISTRATOR,ADMINISTRATOR,Admin,,
 unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,,
 unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility,
 unitedtechnologiescorporation,Interlogix truVision IP Camera,,,admin,1234,,,
-universityoftennessee,All Employee and Student Services,,,<NetID> - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789,
-universityoftennessee,All Employee and Student Services,,,lt;NetIDgt; - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789,
 unix,Generic,,,adm,,,,
 unix,Generic,,,adm,adm,,,
 unix,Generic,,,admin,admin,,,
--- a/dpl4hydra_local.csv
+++ b/dpl4hydra_local.csv
@ -2417,8 +2417,6 @@ draytek,Vigor,all,HTTP,admin,admin,Admin,,
 dreambox,All models,all versions,http, telnet,root,dreambox,,
 dreambox,All models,all versions,http,telnet,root,dreambox,gives access to a busybox allowing to control the box using basic unix commands embedded into busybox,
 drupal.org,Drupal,,administrator,admin,admin,,,
-ducati,Diavel motorcycles,,console,,last 4 digits of the motorcycle's VIN,Start and drive the motorcycle without a key,This is the ignition password - if you have one of these bikes change the password ASAP as you may be liable for any accident damage caused by the thief!,
-ducati,Diavel,,,,Last 4 digits of VIN,,,
 dupont,Digital Water Proofer,,,root,par0t,,,
 dynalink,RTA020,,,admin,private,,,
 dynalink,RTA020,,Admin,admin,private,,,
@ -3061,7 +3059,6 @@ hewlettpackard,Motive Chorus,,HTTP (port 5060),admin,isee,,,
 hewlettpackard,Officejet,all versions,http,admin,,admin,http interface,
 hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,,
 hewlettpackard,ProcCurve MSC-5100,,,admin,admin,,,
-hewlettpackard,Remote Insight Board,,,Administrator,The last eight digits of the serial number,,,
 hewlettpackard,StoreOnce,,,HPSupport,badg3r5,,,
 hewlettpackard,Vectra,,Console,,hewlpack,Admin,,
 hewlettpackard,iLo,,http,Admin,Admin,Admin,,
@ -3611,7 +3608,6 @@ iso sistemi,winwork,,Admin,,,,,
 iwill,PC BIOS,,,,iwill,,,
 iwill,PC BIOS,,Admin,,iwill,,,
 iwill,PC BIOS,,Console,,iwill,Admin,,
-jacksoncommunitycollege,My Network Services,,web,(first 7 letters of student's last name + first seven letters of first name + middle initial -- no spaces or punctuation),(First letter of first name Capitalized + First letter of last name in lowercase + day of birth {01-31} + birth year {2 digits} + last 4 digits of student ID),My Network Services access,,
 jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,,
 jamfsoftware,Casper Suite,,,jamfsoftware,jamfsw03,,,
 janitza,UMG 508,,,Homepage Password,0th,,,
@ -3786,7 +3782,6 @@ kyocera,FS3140MFP,,Web Interface,,admin00,Administrator,,
 kyocera,FS6025MFP,,system menus,Admin,Admin,Admin,,
 kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,,
 kyocera,KM-4850W,,,admin,,,,
-kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address,
 kyocera,TASKalfa 250 Ci,,,Admin,admin00,,if enable local authentification,
 kyocera,TASKalfa 250ci,,IP,,admin00,,,
 kyocera,TASKalfa 266ci,,Console Panel,Admin,Admin,Admin,,
@ -5188,82 +5183,42 @@ oce,tcs500, Windows XP, all models,12.3.0(1668),console, http://192.168.0.81,,
 oce,tcs500,Windows XP,all models,12.3.0(1668),console,http://192.168.0.81,,
 ods,1094 IS Chassis,,,ods,ods,,4.x,
 ods,1094,,,ods,ods,,,
-oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,,
-oki,B410,,http (dhcp),admin,last six charachter of mac address (upper case),,,
-oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,,
 oki,B411,all ver,Http or AdminManager,root,aaaaaa,Administrator,,
-oki,B420,,http (dhcp),admin,last six charachter of mac address (upper case),,,
-oki,B430,,http (dhcp),admin,last six charachter of mac address (upper case),,,
 oki,B431,all ver,Http or AdminManager,root,aaaaaa,Administrator,,
 oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,,
-oki,B43xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC),
 oki,B6100n,,,admin,OkiLAN,admin,with 61e(NIC),
 oki,B6200n,,,admin,OkiLAN,admin,with 62e(NIC),
-oki,B6300,,,root,last six charachter of mac address,root,,
 oki,B6300n,,,admin,OkiLAN,admin,with 62e(NIC),
-oki,B6500,,,root,(last 6 digits of MAC address),root,,
 oki,B710,all,http://192.168.1.33,root,aaaaaa,Administrator,,
 oki,B720,all,http://192.168.1.33,root,aaaaaa,Administrator,,
 oki,B720N,All versions,Web interface,root,aaaaaa,Root access,,
 oki,B730,all,http://192.168.1.33,root,aaaaaa,Administrator,,
 oki,B8300n,,,admin,OkiLAN,admin,with 83e(NIC),
-oki,B930n,,,root,(last 4 digits of MAC address),root,,
-oki,C3200n,,Web Interface - Device IP,root,last 6 of MAC Address - case sensitive,,,
 oki,C330,all versions etc.,http://192.168.0.1,root,aaaaaa,Admin,Administrator,
 oki,C3450,,http://192.168.1.50,admin,heslo,admin,,
-oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,,
-oki,C3450,,web,admin,last 6 digits of MAC code,Use uppercase letters,Administrator,
-oki,C3530,,console,admin,last 6 digits of MAC address,Admin,,
-oki,C380,,,admin,last 6 characters of the MAC ADRESS,,,
-oki,C51xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC),
 oki,C530dn,A1.02,http://192.168.1.51,root,aaaaaa,Admin,,
-oki,C53xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC),
-oki,C54xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC),
 oki,C5550 MFP,,http,,*blank*,Admin,,
-oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name,
 oki,C5650dn,,,,000000,menu,,
 oki,C5650n,,,,000000,menu,,
-oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models,
-oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,,
-oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,,
 oki,C6050dn,,,,000000,menu,,
 oki,C6050n,,,,000000,menu,,
 oki,C610,,,admin,aaaaaa,admin,,
-oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers.,
-oki,C6150,N1.01 Network Firmware 08.51,ZeroConFig Bonjour,root,last six characters of MAC address,Basic Setup,Printer ID,Protocol
 oki,C6150dn,,,,000000,menu,,
 oki,C6150dtn,,,,000000,menu,,
 oki,C6150hdn,,,,000000,menu,,
 oki,C6150n,,,,000000,menu,,
 oki,C7000,,,admin,OkiLAN,admin,with 6200e(NIC),
-oki,C7000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC),
-oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,,
 oki,C711,,Web,admin,aaaaaa,Admin access,,
-oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,,
-oki,C7300,A3.14,may apply to other versions,Multi,root,Last six digits of default device name,Give this a try if the last six digits of the MAC don't work. I believe alpha characters would be uppercased if there were any present.,
-oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,,
-oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,,
-oki,C810,,http://192.168.0.1,root,Last 6 characters (chars uppercased) from MAC Address,,,
-oki,C821,all version?,HTTP,root,last six charachter of mac address,Admin,,
-oki,C830,all,web,root,last 6 digits of the MAC address,,,
-oki,C8800,,Web or Console,root,Last six characters of MAC address,,,
 oki,C9000,,,admin,OkiLAN,admin,with 6200e(NIC),
-oki,C9000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC),
-oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,,
 oki,C9650,,,,0000,Print statistics,,
 oki,C9650,,,,aaaaaa,Administration,,
-oki,C9655,,HTTP,root,last 6 digits of MAC address,Administrator,,
 oki,C9655,,printer menu,,aaaaaa,printer menubutton,,
-oki,C9800,,,root,(last 6 digits of MAC address),,,
-oki,C9850,,,root,(last 6 digits of MAC address),,,
 oki,CX1145,,,,123456,,,
 oki,CX2032 MFP,,http,,*blank*,Admin,,
 oki,CX2033,,Printer Menu,,,,When asked for password just press OK,
 oki,CX2633,,Web interface,admin,aaaaaa,admin,,
 oki,CX2731,,Web interface,admin,aaaaaa,admin,,
-oki,CX3641,,,root,(last 6 digits of MAC address),,,
 oki,Color 8 +14ex,,,admin,OkiLAN,admin,with 6100e(NIC),
-oki,ES3640,,,root,(last 6 digits of MAC address),,,
 oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,,
 oki,ES7120,,Web,root,aaaaaa,Admin,,
 oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,,
@ -5275,7 +5230,6 @@ oki,MC160,,Op Panel,,000000,Admin,,
 oki,MC160,,Web,,sysAdmin,Admin,,
 oki,MC342w,,,admin,aaaaaa,admin,,
 oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,,
-oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,,
 oki,MC361,,Web interface,admin,aaaaaa,admin,,
 oki,MC560,,Printer Menu,,,,When asked for password just press OK,
 oki,MC560,,Printer Menu,,,,When asked for password,
@ -5285,19 +5239,10 @@ oki,MC860,,Web interface,admin,aaaaaa,admin,,
 oki,ML3xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC)
 oki,ML491n,,http://,Admin,OkiLAN,Admin,,
 oki,ML4xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC)
-oki,ML8810,,,root,(last 6 digits of MAC address),,,
 oki,N22113B,A2.00,http://192.168.1.9,,noe,Admin,,
 oki,WebTools,,,Administrator,,,,
 oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,,
-oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,,
-oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no,
 oki,c511dn,B7.00,,admin,aaaaaa,Full administrator Access,the machine picks up dhcp address,manually configure static on machine directly if required or print a config page to get the dhcp address that was assigned.
-oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,,
-oki,c5300,,Console,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",,
-oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No,
-oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",admin,
-oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No,
-oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,,
 oki,c5750,n1.02,http://192.168.0.200,,,,,
 oki,c810,1.0,192.100.185.78,admin,admin,admin,,
 olegkhabarov,Comfy CMS,,,username,password,,,
@ -10100,7 +10045,6 @@ telus,Telephony and internet services,,,(username),telus12,User,Initial password
 telus,Telephony and internet services,,,(username),telus13,User,Initial password if issued in 2013,
 telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999,
 tenda,W150M,,192.168.1.1,admin,admin,Admin,,
-teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,,
 terayon,,,,admin,nms,,6.29,
 terayon,,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html,
 terayon,TeraLink 1000 Controller,,,admin,password,,,
@ -10403,8 +10347,6 @@ unisys,ClearPath MCP,,Multi,ADMINISTRATOR,ADMINISTRATOR,Admin,,
 unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,,
 unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility,
 unitedtechnologiescorporation,Interlogix truVision IP Camera,,,admin,1234,,,
-universityoftennessee,All Employee and Student Services,,,<NetID> - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789,
-universityoftennessee,All Employee and Student Services,,,lt;NetIDgt; - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789,
 unix,Generic,,,adm,,,,
 unix,Generic,,,adm,adm,,,
 unix,Generic,,,admin,admin,,,
--- a/hmacmd5.c
+++ b/hmacmd5.c
@ -34,8 +34,8 @@
 */
 #ifdef LIBOPENSSL

-#include <string.h>
 #include "hmacmd5.h"
+#include <string.h>

 #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))

@ -107,15 +107,12 @@ void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5
 update hmac_md5 "inner" buffer
 ***********************************************************************/

-void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context * ctx) {
-  MD5_Update(&ctx->ctx, (void *) text, text_len);       /* then text of datagram */
-}
+void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context *ctx) { MD5_Update(&ctx->ctx, (void *)text, text_len); /* then text of datagram */ }

 /***********************************************************************
 finish off hmac_md5 "inner" buffer and generate outer one.
 ***********************************************************************/
-void hmac_md5_final(unsigned char *digest, HMACMD5Context * ctx)
-{
+void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx) {
  MD5_CTX ctx_o;

  MD5_Final(digest, &ctx->ctx);
--- a/hmacmd5.h
+++ b/hmacmd5.h
@ -47,11 +47,8 @@ typedef struct {

 #endif /* _HMAC_MD5_H */

-
 void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx);
 void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx);
 void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context *ctx);
 void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx);
 void hmac_md5(unsigned char key[16], unsigned char *data, int32_t data_len, unsigned char *digest);
-
-
--- a/hydra-adam6500.c
+++ b/hydra-adam6500.c
@ -6,55 +6,13 @@

 extern char *HYDRA_EXIT;

-unsigned char adam6500_req1[] = {
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x01, 0x10,
-  0x27, 0x0f, 0x00, 0x08, 0x10, 0x24, 0x30, 0x31,
-  0x50, 0x57, 0x30, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f,
-  0x1f, 0x1f, 0x1f, 0x0d, 0x00
-};
-unsigned char adam6500_resp1[] = {
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x10,
-  0x27, 0x0f, 0x00, 0x08
-};
-unsigned char adam6500_req2[] = {
-  0x01, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x03,
-  0x27, 0x0f, 0x00, 0x7d
-};
-unsigned char adam6500_resp2[] = {
-  0x01, 0x00, 0x00, 0x00, 0x00, 0xfd, 0x01, 0x03,
-  0xfa, 0x3f, 0x30, 0x31, 0x0d, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00
-};
+unsigned char adam6500_req1[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x01, 0x10, 0x27, 0x0f, 0x00, 0x08, 0x10, 0x24, 0x30, 0x31, 0x50, 0x57, 0x30, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x0d, 0x00};
+unsigned char adam6500_resp1[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x10, 0x27, 0x0f, 0x00, 0x08};
+unsigned char adam6500_req2[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x03, 0x27, 0x0f, 0x00, 0x7d};
+unsigned char adam6500_resp2[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0xfd, 0x01, 0x03, 0xfa, 0x3f, 0x30, 0x31, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                                  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                                  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                                  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

 int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
  char *empty = "";
--- a/hydra-afp.c
+++ b/hydra-afp.c
@ -9,9 +9,7 @@
 #include "hydra-mod.h"

 #ifndef LIBAFP
-void dummy_afp() {
-  printf("\n");
-}
+void dummy_afp() { printf("\n"); }
 #else

 #define FREE(x)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                \
@ -20,9 +18,9 @@ void dummy_afp() {
    x = NULL;                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  \
  }

-#include <stdio.h>
 #include <afpfs-ng/afp.h>
 #include <afpfs-ng/libafpclient.h>
+#include <stdio.h>

 extern char *HYDRA_EXIT;

@ -50,7 +48,8 @@ static int32_t server_subconnect(struct afp_url url) {
  conn_req->url = url;
  conn_req->url.requested_version = 31;

-  //fprintf(stderr, "AFP connection - username: %s password: %s server: %s\n", url.username, url.password, url.servername); 
+  // fprintf(stderr, "AFP connection - username: %s password: %s server: %s\n",
+  // url.username, url.password, url.servername);

  if (strlen(url.uamname) > 0) {
    if ((conn_req->uam_mask = find_uam_by_name(url.uamname)) == 0) {
@ -69,7 +68,8 @@ static int32_t server_subconnect(struct afp_url url) {
    //    FREE(server);
    return -1;
  }
-  //fprintf(stderr,  "Connected to server: %s via UAM: %s\n", server->server_name_printable, uam_bitmap_to_string(server->using_uam));
+  // fprintf(stderr,  "Connected to server: %s via UAM: %s\n",
+  // server->server_name_printable, uam_bitmap_to_string(server->using_uam));

  FREE(conn_req);
  FREE(server);
@ -88,7 +88,6 @@ int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char
  init_uams();
  afp_default_url(&tmpurl);

-
  if (strlen(login = hydra_get_next_login()) == 0)
    login = empty;
  if (strlen(pass = hydra_get_next_password()) == 0)
@ -110,7 +109,6 @@ int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char
      return 3;
    return 2;
  } else {
-
    hydra_completed_pair();
    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
      return 2;
@ -127,7 +125,6 @@ void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
    return;

  while (1) {
-
    switch (run) {
    case 1: /* connect and service init function */
      if (sock >= 0)
@ -139,7 +136,8 @@ void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
        port = myport;
      }
      if (sock < 0) {
-        if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
+        if (quiet != 1)
+          fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
        hydra_child_exit(1);
      }

--- a/hydra-asterisk.c
+++ b/hydra-asterisk.c
@ -6,7 +6,6 @@

 #include "hydra-mod.h"

-
 extern char *HYDRA_EXIT;

 char *buf;
@ -41,7 +40,10 @@ int32_t start_asterisk(int32_t s, char *ip, int32_t port, unsigned char options,
    hydra_report(stderr, "[DEBUG] S: %s\n", buf);

  if (buf == NULL || (strstr(buf, "Response: ") == NULL)) {
-    hydra_report(stderr, "[ERROR] Asterisk Call Manager protocol error or service shutdown: %s\n", buf);
+    hydra_report(stderr,
+                 "[ERROR] Asterisk Call Manager protocol error or service "
+                 "shutdown: %s\n",
+                 buf);
    free(buf);
    return 4;
  }
@ -100,7 +102,10 @@ void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr
      if (buf == NULL || strstr(buf, "Asterisk Call Manager/") == NULL) {
        /* check the first line */
        if (verbose || debug)
-          hydra_report(stderr, "[ERROR] Not an Asterisk Call Manager protocol or service shutdown: %s\n", buf);
+          hydra_report(stderr,
+                       "[ERROR] Not an Asterisk Call Manager protocol or "
+                       "service shutdown: %s\n",
+                       buf);
        hydra_child_exit(2);
      }
      free(buf);
@ -114,6 +119,7 @@ void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr
      if (sock >= 0)
        sock = hydra_disconnect(sock);
      hydra_child_exit(0);
+      break;
    default:
      hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
      hydra_child_exit(2);
--- a/hydra-cisco-enable.c
+++ b/hydra-cisco-enable.c
@ -42,8 +42,7 @@ int32_t start_cisco_enable(int32_t s, char *ip, int32_t port, unsigned char opti
    }
  }

-  if (buf != NULL
-      && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "fail") != NULL || strstr(buf, "denied") != NULL)) {
+  if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "fail") != NULL || strstr(buf, "denied") != NULL)) {
    free(buf);
    hydra_completed_pair();
    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -87,7 +86,8 @@ void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *mis
        port = mysslport;
      }
      if (sock < 0) {
-          if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
+        if (quiet != 1)
+          fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
        hydra_child_exit(1);
      }

@ -101,7 +101,8 @@ void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *mis

        sprintf(buffer, "%.250s\r\n", login);
        if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
-            if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t) getpid());
+          if (quiet != 1)
+            fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t)getpid());
          hydra_child_exit(2);
        }
      }
@ -117,7 +118,8 @@ void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *mis

        sprintf(buffer, "%.250s\r\n", miscptr);
        if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
-            if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t) getpid());
+          if (quiet != 1)
+            fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t)getpid());
          hydra_child_exit(2);
        }
      }
@ -132,7 +134,11 @@ void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *mis
      }

      if (strstr(buf, "assw") != NULL) {
-          if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int32_t) getpid());
+        if (quiet != 1)
+          fprintf(stderr,
+                  "[ERROR] Child with pid %d terminating - can not login, can "
+                  "not login\n",
+                  (int32_t)getpid());
        hydra_child_exit(2);
      }
      free(buf);
@ -147,7 +153,8 @@ void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *mis

      sprintf(buffer, "%.250s\r\n", "ena");
      if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
-          if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int32_t) getpid());
+        if (quiet != 1)
+          fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int32_t)getpid());
        hydra_child_exit(2);
      }

@ -160,7 +167,11 @@ void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *mis
          if (failc < retry) {
            next_run = 1;
            failc++;
-              if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int32_t) getpid(), failc, retry);
+            if (quiet != 1)
+              fprintf(stderr,
+                      "[ERROR] Child with pid %d was disconnected - retrying "
+                      "(%d of %d retries)\n",
+                      (int32_t)getpid(), failc, retry);
            sleep(3);
            break;
          } else {
@ -180,7 +191,8 @@ void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *mis
    case 3: /* clean exit */
      sprintf(buffer, "%.250s\r\n", "exit");
      if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
-        if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int32_t) getpid());
+        if (quiet != 1)
+          fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int32_t)getpid());
        hydra_child_exit(0);
      }
      if (sock >= 0)
@ -211,11 +223,15 @@ int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, c
 }

 void usage_cisco_enable(const char *service) {
-  printf("Module cisco-enable is optionally taking the logon password for the cisco device\n"
-         "Note: if AAA authentication is used, use the -l option for the username\n"
+  printf("Module cisco-enable is optionally taking the logon password for the "
+         "cisco device\n"
+         "Note: if AAA authentication is used, use the -l option for the "
+         "username\n"
         "and the optional parameter for the password of the user.\n"
         "Examples:\n"
         "  hydra -P pass.txt target cisco-enable  (direct console access)\n"
-         "  hydra -P pass.txt -m cisco target cisco-enable  (Logon password cisco)\n"
-         "  hydra -l foo -m bar -P pass.txt target cisco-enable  (AAA Login foo, password bar)\n");
+         "  hydra -P pass.txt -m cisco target cisco-enable  (Logon password "
+         "cisco)\n"
+         "  hydra -l foo -m bar -P pass.txt target cisco-enable  (AAA Login "
+         "foo, password bar)\n");
 }
--- a/hydra-cisco.c
+++ b/hydra-cisco.c
@ -5,7 +5,7 @@
 #endif

 extern char *HYDRA_EXIT;
-char *buf = NULL;
+static char *buf = NULL;

 int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
  char *empty = "";
@ -95,7 +95,6 @@ int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, ch
        }
      } while (buf != NULL && strlen(buf) <= 1);
    }
-
  }

  if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "ailur") != NULL)) {
@ -160,11 +159,16 @@ void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, F
          if (failc < retry) {
            next_run = 1;
            failc++;
-              if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int32_t) getpid(), failc, retry);
+            if (quiet != 1)
+              hydra_report(stderr,
+                           "[ERROR] Child with pid %d was disconnected - "
+                           "retrying (%d of %d retries)\n",
+                           (int32_t)getpid(), failc, retry);
            sleep(3);
            break;
          } else {
-              if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t) getpid());
+            if (quiet != 1)
+              hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t)getpid());
            hydra_child_exit(0);
          }
        }
@ -214,5 +218,7 @@ int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *mi
 }

 void usage_cisco(const char *service) {
-  printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n");
+  printf("Module cisco is optionally taking the keyword ENTER, it then sends "
+         "an initial\n"
+         "ENTER when connecting to the service.\n");
 }
--- a/hydra-cobaltstrike.c
+++ b/hydra-cobaltstrike.c
@ -0,0 +1,126 @@
+#include "hydra-mod.h"
+
+#define CSLEN 256
+
+extern char *HYDRA_EXIT;
+char *buf;
+
+int32_t start_cobaltstrike(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
+  char *empty = "";
+  char *pass, buffer[4 + 1 + 256];
+  char cs_pass[CSLEN + 1];
+  unsigned char len_pass;
+  unsigned char reply_byte_0;
+  unsigned char reply_byte_1;
+  unsigned char reply_byte_2;
+  unsigned char reply_byte_3;
+  int32_t ret = -1;
+
+  if (strlen(pass = hydra_get_next_password()) == 0)
+    pass = empty;
+  if (strlen(pass) > CSLEN)
+    pass[CSLEN - 1] = 0;
+  len_pass = strlen(pass);
+  memset(cs_pass, 0, CSLEN + 1);
+  strcpy(cs_pass, pass);
+
+  memset(buffer, 0x41, sizeof(buffer));
+  buffer[0] = 0x00;
+  buffer[1] = 0x00;
+  buffer[2] = 0xBE;
+  buffer[3] = 0xEF;
+  memcpy(buffer + 4, &len_pass, 1);
+  memcpy(buffer + 5, cs_pass, len_pass);
+
+  if (hydra_send(s, buffer, sizeof(buffer), 0) < 0)
+    return 1;
+
+  reply_byte_0 = 0x00;
+  ret = hydra_recv_nb(s, &reply_byte_0, 1);
+  if (ret <= 0)
+    return 3;
+
+  reply_byte_1 = 0x00;
+  ret = hydra_recv_nb(s, &reply_byte_1, 1);
+  if (ret <= 0)
+    return 3;
+
+  reply_byte_2 = 0x00;
+  ret = hydra_recv_nb(s, &reply_byte_2, 1);
+  if (ret <= 0)
+    return 3;
+
+  reply_byte_3 = 0x00;
+  ret = hydra_recv_nb(s, &reply_byte_3, 1);
+  if (ret <= 0)
+    return 3;
+
+  if (reply_byte_0 == 0x00 && reply_byte_1 == 0x00 && reply_byte_2 == 0xCA && reply_byte_3 == 0xFE) {
+    hydra_report_found_host(port, ip, "cobaltstrike", fp);
+    hydra_completed_pair_found();
+    free(buf);
+    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+      return 2;
+    return 1;
+  }
+
+  free(buf);
+  hydra_completed_pair();
+  if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+    return 2;
+
+  return 1;
+}
+
+void service_cobaltstrike(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
+  int32_t run = 1, next_run = 1, sock = -1;
+  int32_t mysslport = PORT_COBALTSTRIKE_SSL;
+
+  hydra_register_socket(sp);
+  if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+    return;
+  while (1) {
+    switch (run) {
+    case 1: /* connect and service init function */
+      if (port != 0)
+        mysslport = port;
+      sock = hydra_connect_ssl(ip, mysslport, hostname);
+      port = mysslport;
+      if (sock < 0) {
+        hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
+        hydra_child_exit(1);
+      }
+      next_run = start_cobaltstrike(sock, ip, port, options, miscptr, fp);
+      hydra_disconnect(sock);
+      break;
+    case 2: /* clean exit */
+      if (sock >= 0)
+        sock = hydra_disconnect(sock);
+      hydra_child_exit(0);
+      return;
+    case 3: /* clean exit */
+      if (sock >= 0)
+        sock = hydra_disconnect(sock);
+      hydra_child_exit(2);
+      return;
+    default:
+      hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
+      hydra_child_exit(2);
+    }
+    run = next_run;
+  }
+}
+
+int32_t service_cobaltstrike_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
+  // called before the childrens are forked off, so this is the function
+  // which should be filled if initial connections and service setup has to be
+  // performed once only.
+  //
+  // fill if needed.
+  //
+  // return codes:
+  //   0 all OK
+  //   -1  error, hydra will exit, so print a good error message here
+
+  return 0;
+}
--- a/hydra-cvs.c
+++ b/hydra-cvs.c
@ -30,13 +30,7 @@ int32_t start_cvs(int32_t s, char *ip, int32_t port, unsigned char options, char
  /  87   ? 105   O  35   _  56   o  48
  */

-  char key[] = { 0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87,
-    111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105,
-    0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35,
-    125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56,
-    0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48,
-    58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62
-  };
+  char key[] = {0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87, 111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105, 0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35, 125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56, 0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48, 58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62};

  if (strlen(login = hydra_get_next_login()) == 0)
    login = empty;
@ -151,5 +145,6 @@ int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *misc
 }

 void usage_cvs(const char *service) {
-  printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n");
+  printf("Module cvs is optionally taking the repository name to attack, "
+         "default is \"/root\"\n\n");
 }
--- a/hydra-firebird.c
+++ b/hydra-firebird.c
@ -14,16 +14,15 @@ the msg: "no permission for direct access to security database"
 #include "hydra-mod.h"

 #ifndef LIBFIREBIRD
-void dummy_firebird() {
-  printf("\n");
-}
+void dummy_firebird() { printf("\n"); }
 #else

-#include <stdio.h>
 #include <ibase.h>
+#include <stdio.h>

 #define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb"

+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;

 int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
@ -95,7 +94,6 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr
    return;

  while (1) {
-
    switch (run) {
    case 1: /* connect and service init function */
      if (sock >= 0)
@ -112,7 +110,8 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr
        port = mysslport;
      }
      if (sock < 0) {
-        if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
+        if (quiet != 1)
+          fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
        hydra_child_exit(1);
      }

@ -126,6 +125,8 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr
       */

      next_run = start_firebird(sock, ip, port, options, miscptr, fp);
+      if ((next_run == 1 || next_run == 2) && hydra_options.conwait)
+        sleep(hydra_options.conwait);
      break;
    case 3:

@ -160,5 +161,7 @@ int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char
 }

 void usage_firebird(const char *service) {
-  printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n");
+  printf("Module firebird is optionally taking the database path to attack,\n"
+         "default is \"C:\\Program "
+         "Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n");
 }
--- a/hydra-ftp.c
+++ b/hydra-ftp.c
@ -20,13 +20,16 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char
  buf = hydra_receive_line(s);
  if (buf == NULL)
    return 1;
-  /* special hack to identify 530 user unknown msg. suggested by Jean-Baptiste.BEAUFRETON@turbomeca.fr */
+  /* special hack to identify 530 user unknown msg. suggested by
+   * Jean-Baptiste.BEAUFRETON@turbomeca.fr */
  if (buf[0] == '5' && buf[1] == '3' && buf[2] == '0') {
    if (verbose)
      printf("[INFO] user %s does not exist, skipping\n", login);
    hydra_completed_pair_skip();
-    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
+      free(buf);
      return 4;
+    }
    free(buf);
    return 1;
  }
@ -34,8 +37,10 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char
  if (buf[0] == '2') {
    hydra_report_found_host(port, ip, "ftp", fp);
    hydra_completed_pair_found();
-    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
+      free(buf);
      return 4;
+    }
    free(buf);
    return 1;
  }
@ -60,8 +65,10 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char
  if (buf[0] == '2') {
    hydra_report_found_host(port, ip, "ftp", fp);
    hydra_completed_pair_found();
-    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
+      free(buf);
      return 4;
+    }
    free(buf);
    return 1;
  }
@ -155,10 +162,12 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr
      if (sock >= 0)
        sock = hydra_disconnect(sock);
      hydra_child_exit(2);
+      break;
    case 4: /* clean exit */
      if (sock >= 0)
        sock = hydra_disconnect(sock);
      hydra_child_exit(0);
+      break;
    default:
      hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
      hydra_child_exit(2);
@ -167,13 +176,9 @@ void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr
  }
 }

-void service_ftp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
-  service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 0);
-}
+void service_ftp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 0); }

-void service_ftps(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
-  service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 1);
-}
+void service_ftps(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 1); }

 int32_t service_ftp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
  // called before the childrens are forked off, so this is the function
--- a/hydra-gtk/Makefile.in
+++ b/hydra-gtk/Makefile.in
@ -61,8 +61,9 @@ CC = @CC@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
 PACKAGE = @PACKAGE@
-PACKAGE_CFLAGS = @PACKAGE_CFLAGS@
-PACKAGE_LIBS = @PACKAGE_LIBS@
+PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ -fcommon -Wl,--allow-multiple-definition
+PACKAGE_LDFLAGS = -fcommon -Wl,--allow-multiple-definition
+PACKAGE_LIBS = -fcommon -Wl,--allow-multiple-definition @PACKAGE_LIBS@
 PKG_CONFIG = @PKG_CONFIG@
 VERSION = @VERSION@

--- a/hydra-gtk/configure
+++ b/hydra-gtk/configure
@ -2233,15 +2233,15 @@ if test "$ac_test_CFLAGS" = set; then
  CFLAGS=$ac_save_CFLAGS
 elif test $ac_cv_prog_cc_g = yes; then
  if test "$GCC" = yes; then
-    CFLAGS="-g -O2"
+    CFLAGS="-g -O2 -fcommon -Wl,--allow-multiple-definition"
  else
-    CFLAGS="-g"
+    CFLAGS="-g -fcommon -Wl,--allow-multiple-definition"
  fi
 else
  if test "$GCC" = yes; then
-    CFLAGS="-O2"
+    CFLAGS="-O2 -fcommon -Wl,--allow-multiple-definition"
  else
-    CFLAGS=
+    CFLAGS="-fcommon -Wl,--allow-multiple-definition"
  fi
 fi
 echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5
@ -2391,7 +2391,7 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  for ac_declaration in \
-   '' \
+   '#include <stdlib.h>' \
   'extern "C" void std::exit (int) throw (); using std::exit;' \
   'extern "C" void std::exit (int); using std::exit;' \
   'extern "C" void exit (int) throw ();' \
@ -3192,7 +3192,7 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  for ac_declaration in \
-   '' \
+   '#include <stdlib.h>' \
   'extern "C" void std::exit (int) throw (); using std::exit;' \
   'extern "C" void std::exit (int); using std::exit;' \
   'extern "C" void exit (int) throw ();' \
@ -3797,8 +3797,8 @@ main ()
  for (i = 0; i < 256; i++)
    if (XOR (islower (i), ISLOWER (i))
 	|| toupper (i) != TOUPPER (i))
-      exit(2);
-  exit (0);
+      return 2;
+  return 0;
 }
 _ACEOF
 rm -f conftest$ac_exeext
--- a/hydra-gtk/configure.in
+++ b/hydra-gtk/configure.in
@ -10,7 +10,7 @@ AC_PROG_CC
 AM_PROG_CC_STDC
 AC_HEADER_STDC

-pkg_modules="gtk+-2.0 >= 2.0.0"
+pkg_modules="gtk+-3.0 >= 3.24.24"
 PKG_CHECK_MODULES(PACKAGE, [$pkg_modules])
 AC_SUBST(PACKAGE_CFLAGS)
 AC_SUBST(PACKAGE_LIBS)
--- a/hydra-gtk/src/Makefile.in
+++ b/hydra-gtk/src/Makefile.in
@ -61,8 +61,8 @@ CC = @CC@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
 PACKAGE = @PACKAGE@
-PACKAGE_CFLAGS = @PACKAGE_CFLAGS@
-PACKAGE_LIBS = @PACKAGE_LIBS@
+PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ -fcommon -Wl,--allow-multiple-definition
+PACKAGE_LIBS = -fcommon -Wl,--allow-multiple-definition @PACKAGE_LIBS@
 PKG_CONFIG = @PKG_CONFIG@
 VERSION = @VERSION@

--- a/hydra-gtk/src/callbacks.c
+++ b/hydra-gtk/src/callbacks.c
@ -15,29 +15,27 @@
 #include "interface.h"
 #include "support.h"

-#include <sys/types.h>
-#include <sys/wait.h>
+#include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/types.h>
-#include <sys/stat.h>
+#include <sys/wait.h>

+#include <fcntl.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <unistd.h>
-#include <fcntl.h>
 #include <string.h>
+#include <unistd.h>

 int hydra_pid = 0;

 char port[10];
 char tasks[10];
 char timeout[10];
-char smbparm[12];
+char smbparm[128];
 char sapr3id[4];
 char passLoginNull[4];

-
 #define BUF_S 1024

 void hydra_select_file(GtkEntry *widget, char *text) {
@ -45,8 +43,7 @@ void hydra_select_file(GtkEntry * widget, char *text) {
  GtkWidget *dialog;
  char *filename;

-  dialog = gtk_file_chooser_dialog_new(text, (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_OPEN,
-                                       GTK_STOCK_OPEN, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL);
+  dialog = gtk_file_chooser_dialog_new(text, (GtkWindow *)wndMain, GTK_FILE_CHOOSER_ACTION_OPEN, GTK_STOCK_OPEN, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL);

  if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) {
    filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog));
@ -274,7 +271,7 @@ int hydra_get_options(char *options[]) {
    options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget);

  } else if (!strcmp(tmp, "smb")) {
-    memset(smbparm, 0, 12);
+    memset(smbparm, 0, sizeof(smbparm));

    widget = lookup_widget(GTK_WIDGET(wndMain), "chkDomain");
    widget2 = lookup_widget(GTK_WIDGET(wndMain), "chkLocal");
@ -300,7 +297,18 @@ int hydra_get_options(char *options[]) {
      strcat(smbparm, "Hash");
    }
    options[i++] = smbparm;
+  } else if (!strcmp(tmp, "smb2")) {
+    memset(smbparm, 0, sizeof(smbparm));

+    options[i++] = "-m";
+    options[i++] = smbparm;
+
+    widget = lookup_widget(GTK_WIDGET(wndMain), "chkNTLM");
+    int pth = gtk_toggle_button_get_active((GtkToggleButton *)widget);
+
+    widget = lookup_widget(GTK_WIDGET(wndMain), "entSMB2Workgroup");
+
+    snprintf(smbparm, sizeof(smbparm) - 1, "nthash:%s workgroup:{%s}", pth ? "true" : "false", (char *)gtk_entry_get_text((GtkEntry *)widget));
  } else if (!strcmp(tmp, "sapr3")) {
    widget = lookup_widget(GTK_WIDGET(wndMain), "spnSAPR3");
    j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget);
@ -335,7 +343,6 @@ int hydra_get_options(char *options[]) {
  widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy");

  if (!gtk_toggle_button_get_active((GtkToggleButton *)widget)) {
-
    widget2 = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxy");
    widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy2");

@ -389,7 +396,6 @@ int update_statusbar() {
  i = hydra_get_options(options);

  for (j = 1; j < i; j++) {
-
    statustext = g_string_append(statustext, options[j]);
    statustext = g_string_append_c(statustext, ' ');
  }
@ -432,7 +438,6 @@ int read_into(int fd) {

  gtk_text_buffer_get_iter_at_offset(outputbuf, &outputiter, -1);

-
  if ((passline = strstr(in_buf, "password: ")) == NULL) {
    gtk_text_buffer_insert(outputbuf, &outputiter, in_buf, result);
  } else {
@ -450,10 +455,8 @@ int read_into(int fd) {
    if (end - in_buf - result > 0) {
      gtk_text_buffer_insert(outputbuf, &outputiter, end + 1, -1);
    }
-
  }

-
  if (strstr(in_buf, " finished at ") != NULL) {
    gtk_text_buffer_insert_with_tags_by_name(outputbuf, &outputiter, "<finished>\n\n", -1, "bold", NULL);
  }
@ -515,7 +518,6 @@ static int wait_hydra_output(gpointer data) {
    return TRUE;
 }

-
 /* assumes a successfull pipe() won't set the fd's to -1 */
 static void close_pipe(int *pipe) {
  if (-1 != pipe[0]) {
@ -535,8 +537,7 @@ static void close_pipe(int *pipe) {
 */

 int *popen_re_unbuffered(char *command) {
-  static int p_r[2] = { -1, -1 }, p_e[2] = {
-  -1, -1};
+  static int p_r[2] = {-1, -1}, p_e[2] = {-1, -1};
  static int *pfd = NULL;

  char *options[128];
@ -605,21 +606,15 @@ int *popen_re_unbuffered(char *command) {
  return pfd;
 }

-void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data) {
-  gtk_main_quit();
-}
+void on_quit1_activate(GtkMenuItem *menuitem, gpointer user_data) { gtk_main_quit(); }

-
-void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data) {
-
-}
+void on_about1_activate(GtkMenuItem *menuitem, gpointer user_data) {}

 void on_btnStart_clicked(GtkButton *button, gpointer user_data) {
  int *fd = NULL;

  fd = popen_re_unbuffered(NULL);
  g_timeout_add(200, wait_hydra_output, fd);
-
 }

 void on_btnStop_clicked(GtkButton *button, gpointer user_data) {
@ -629,7 +624,6 @@ void on_btnStop_clicked(GtkButton * button, gpointer user_data) {
  }
 }

-
 void on_wndMain_destroy(GtkObject *object, gpointer user_data) {
  if (hydra_pid != 0) {
    kill(hydra_pid, SIGTERM);
@ -638,22 +632,18 @@ void on_wndMain_destroy(GtkObject * object, gpointer user_data) {
  gtk_main_quit();
 }

-
-
 gboolean on_entTargetFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) {
  hydra_select_file((GtkEntry *)widget, "Select target list");
  gtk_widget_grab_focus(widget);
  return TRUE;
 }

-
 gboolean on_entUsernameFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) {
  hydra_select_file((GtkEntry *)widget, "Select username list");
  gtk_widget_grab_focus(widget);
  return TRUE;
 }

-
 gboolean on_entPassFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) {
  hydra_select_file((GtkEntry *)widget, "Select password list");
  gtk_widget_grab_focus(widget);
@ -677,8 +667,7 @@ void on_btnSave_clicked(GtkButton * button, gpointer user_data) {
  GtkTextIter start;
  GtkTextIter end;

-  dialog = gtk_file_chooser_dialog_new("Save output", (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_SAVE,
-                                       GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL);
+  dialog = gtk_file_chooser_dialog_new("Save output", (GtkWindow *)wndMain, GTK_FILE_CHOOSER_ACTION_SAVE, GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL);
  if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) {
    filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog));

@ -690,7 +679,7 @@ void on_btnSave_clicked(GtkButton * button, gpointer user_data) {
    text = gtk_text_buffer_get_text(outputbuf, &start, &end, TRUE);

    fd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, 0644);
-    if (fd > 0) {
+    if (fd >= 0) {
      write(fd, text, strlen(text));
      close(fd);
    }
@ -704,7 +693,8 @@ void on_btnSave_clicked(GtkButton * button, gpointer user_data) {
 void on_chkColon_toggled(GtkToggleButton *togglebutton, gpointer user_data) {
  GtkWidget *user, *pass;

-  user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername");;
+  user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername");
+  ;
  pass = lookup_widget(GTK_WIDGET(wndMain), "frmPass");

  if (gtk_toggle_button_get_active(togglebutton)) {
@ -719,7 +709,8 @@ void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) {
 void on_chkDisUser_toggled(GtkToggleButton *togglebutton, gpointer user_data) {
  GtkWidget *radioUsername1, *radioUsername2, *entUsername, *entUsernameFile;

-  radioUsername1 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1");;
+  radioUsername1 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1");
+  ;
  radioUsername2 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername2");
  entUsername = lookup_widget(GTK_WIDGET(wndMain), "entUsername");
  entUsernameFile = lookup_widget(GTK_WIDGET(wndMain), "entUsernameFile");
--- a/hydra-gtk/src/interface.c
+++ b/hydra-gtk/src/interface.c
@ -7,13 +7,13 @@
 #include <config.h>
 #endif

-#include <sys/types.h>
 #include <sys/stat.h>
+#include <sys/types.h>
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
-#include <string.h>
 #include <stdio.h>
+#include <string.h>

 #include <gdk/gdkkeysyms.h>
 #include <gtk/gtk.h>
@ -22,12 +22,9 @@
 #include "interface.h"
 #include "support.h"

-#define GLADE_HOOKUP_OBJECT(component,widget,name) \
-  g_object_set_data_full (G_OBJECT (component), name, \
-    gtk_widget_ref (widget), (GDestroyNotify) gtk_widget_unref)
+#define GLADE_HOOKUP_OBJECT(component, widget, name) g_object_set_data_full(G_OBJECT(component), name, gtk_widget_ref(widget), (GDestroyNotify)gtk_widget_unref)

-#define GLADE_HOOKUP_OBJECT_NO_REF(component,widget,name) \
-  g_object_set_data (G_OBJECT (component), name, widget)
+#define GLADE_HOOKUP_OBJECT_NO_REF(component, widget, name) g_object_set_data(G_OBJECT(component), name, widget)

 GtkWidget *create_wndMain(void) {
  GtkWidget *wndMain;
@ -171,6 +168,9 @@ GtkWidget *create_wndMain(void) {
  GtkWidget *btnClear;
  GtkWidget *label4;
  GtkWidget *statusbar;
+  GtkWidget *lblSMB2;
+  GtkWidget *entSMB2Workgroup;
+  GtkWidget *fraSMB2;
  GtkAccelGroup *accel_group;
  GtkTooltips *tooltips;

@ -273,6 +273,7 @@ GtkWidget *create_wndMain(void) {
  cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sapr3");
  cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sip");
  cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smb");
+  cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smb2");
  cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smtp");
  cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "snmp");
  cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "socks5");
@ -311,7 +312,6 @@ GtkWidget *create_wndMain(void) {
  gtk_table_attach(GTK_TABLE(table8), label6, 0, 1, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
  gtk_misc_set_alignment(GTK_MISC(label6), 0, 0.5);

-
  chkIPV6 = gtk_check_button_new_with_mnemonic("Prefer IPV6");
  gtk_widget_set_name(chkIPV6, "chkIPV6");
  gtk_widget_show(chkIPV6);
@ -388,25 +388,19 @@ GtkWidget *create_wndMain(void) {
  chkServiceDetails = gtk_check_button_new_with_mnemonic("Service Module Usage Details");
  gtk_widget_set_name(chkServiceDetails, "chkServiceDetails");
  gtk_widget_show(chkServiceDetails);
-  gtk_table_attach (GTK_TABLE (table9), chkServiceDetails, 2, 3, 2, 3,
-                    (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
-                    (GtkAttachOptions) (GTK_EXPAND), 0, 0);
+  gtk_table_attach(GTK_TABLE(table9), chkServiceDetails, 2, 3, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
  gtk_tooltips_set_tip(tooltips, chkServiceDetails, "Service Module Usage Details", NULL);

  chkCompleteHelp = gtk_check_button_new_with_mnemonic("COMPLETE HELP");
  gtk_widget_set_name(chkCompleteHelp, "chkCompleteHelp");
  gtk_widget_show(chkCompleteHelp);
-  gtk_table_attach (GTK_TABLE (table9), chkCompleteHelp, 0, 2, 2, 3,
-                    (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
-                    (GtkAttachOptions) (GTK_EXPAND), 0, 0);
+  gtk_table_attach(GTK_TABLE(table9), chkCompleteHelp, 0, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
  gtk_tooltips_set_tip(tooltips, chkCompleteHelp, "Complete Help", NULL);

  chkOldSSL = gtk_check_button_new_with_mnemonic("Use old SSL");
  gtk_widget_set_name(chkOldSSL, "chkOldSSL");
  gtk_widget_show(chkOldSSL);
-  gtk_table_attach (GTK_TABLE (table9), chkOldSSL, 1, 2, 0, 1,
-                    (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
-                    (GtkAttachOptions) (GTK_EXPAND), 0, 0);
+  gtk_table_attach(GTK_TABLE(table9), chkOldSSL, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
  gtk_tooltips_set_tip(tooltips, chkOldSSL, "Enable to use old SSL (the target must have SSL enabled!)", NULL);

  label29 = gtk_label_new("Output Options");
@ -519,18 +513,14 @@ GtkWidget *create_wndMain(void) {
  radioGenerate = gtk_radio_button_new_with_mnemonic(NULL, "Generate");
  gtk_widget_set_name(radioGenerate, "radioGenerate");
  gtk_widget_show(radioGenerate);
-  gtk_table_attach (GTK_TABLE (table3), radioGenerate, 0, 1, 2, 3,
-                    (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
-                    (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0);
+  gtk_table_attach(GTK_TABLE(table3), radioGenerate, 0, 1, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0);
  gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioGenerate), radioPass1_group);
  radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioGenerate));

  entGeneration = gtk_entry_new();
  gtk_widget_set_name(entGeneration, "entGeneration");
  gtk_widget_show(entGeneration);
-  gtk_table_attach (GTK_TABLE (table3), entGeneration, 1, 2, 2, 3,
-                    (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
-                    (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0);
+  gtk_table_attach(GTK_TABLE(table3), entGeneration, 1, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0);
  gtk_tooltips_set_tip(tooltips, entGeneration, "Generate passwords", NULL);
  gtk_entry_set_text(GTK_ENTRY(entGeneration), "1:1:a");

@ -739,17 +729,13 @@ GtkWidget *create_wndMain(void) {
  chkExitF = gtk_check_button_new_with_mnemonic("Exit after first found pair (global)");
  gtk_widget_set_name(chkExitF, "chkExitF");
  gtk_widget_show(chkExitF);
-  gtk_table_attach (GTK_TABLE (table10), chkExitF, 0, 2, 3, 4,
-                    (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
-                    (GtkAttachOptions) (GTK_EXPAND), 0, 0);
+  gtk_table_attach(GTK_TABLE(table10), chkExitF, 0, 2, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
  gtk_tooltips_set_tip(tooltips, chkExitF, "Enable this to stop all attacking processes once a valid login/password pair is found (global)", NULL);

  chkNoErr = gtk_check_button_new_with_mnemonic("Do not print messages about connection errors");
  gtk_widget_set_name(chkNoErr, "chkNoErr");
  gtk_widget_show(chkNoErr);
-  gtk_table_attach (GTK_TABLE (table10), chkNoErr, 0, 2, 4, 5,
-                    (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK),
-                    (GtkAttachOptions) (GTK_EXPAND), 0, 0);
+  gtk_table_attach(GTK_TABLE(table10), chkNoErr, 0, 2, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0);
  gtk_tooltips_set_tip(tooltips, chkNoErr, "Do not print messages about connection errors", NULL);

  label30 = gtk_label_new("Performance Options");
@ -849,25 +835,42 @@ GtkWidget *create_wndMain(void) {
  gtk_widget_set_name(chkLocal, "chkLocal");
  gtk_widget_show(chkLocal);
  gtk_box_pack_start(GTK_BOX(hbox2), chkLocal, TRUE, TRUE, 0);
-  gtk_tooltips_set_tip(tooltips, chkLocal, "Just attack local accounts", NULL);
+  gtk_tooltips_set_tip(tooltips, chkLocal, "Just attack local accounts (only valid for smb module)", NULL);

  chkDomain = gtk_check_button_new_with_mnemonic("domain accounts");
  gtk_widget_set_name(chkDomain, "chkDomain");
  gtk_widget_show(chkDomain);
  gtk_box_pack_start(GTK_BOX(hbox2), chkDomain, TRUE, TRUE, 0);
-  gtk_tooltips_set_tip(tooltips, chkDomain, "Attack domain and local accounts", NULL);
+  gtk_tooltips_set_tip(tooltips, chkDomain, "Attack domain and local accounts (only valid for smb module)", NULL);

  chkNTLM = gtk_check_button_new_with_mnemonic("Interpret passes as NTLM hashes");
  gtk_widget_set_name(chkNTLM, "chkNTLM");
  gtk_widget_show(chkNTLM);
  gtk_box_pack_start(GTK_BOX(hbox2), chkNTLM, FALSE, FALSE, 0);
-  gtk_tooltips_set_tip(tooltips, chkNTLM, "Interpret passes as NTML hashes", NULL);
+  gtk_tooltips_set_tip(tooltips, chkNTLM, "Interpret passes as NTML hashes  (valid for both smb and smb2 modules)", NULL);

  label18 = gtk_label_new("SMB");
  gtk_widget_set_name(label18, "label18");
  gtk_widget_show(label18);
  gtk_frame_set_label_widget(GTK_FRAME(frame6), label18);

+  fraSMB2 = gtk_frame_new(NULL);
+  gtk_widget_set_name(fraSMB2, "fraSMB2");
+  gtk_widget_show(fraSMB2);
+  gtk_box_pack_start(GTK_BOX(vbox4), fraSMB2, TRUE, TRUE, 0);
+
+  entSMB2Workgroup = gtk_entry_new();
+  gtk_widget_set_name(entSMB2Workgroup, "entSMB2Workgroup");
+  gtk_widget_show(entSMB2Workgroup);
+  gtk_container_add(GTK_CONTAINER(fraSMB2), entSMB2Workgroup);
+  gtk_tooltips_set_tip(tooltips, entSMB2Workgroup, "Workgroup to use for SMB authentication (only valid for smb2 module)", NULL);
+  gtk_entry_set_text(GTK_ENTRY(entSMB2Workgroup), "WORKGROUP");
+
+  lblSMB2 = gtk_label_new("SMB2 Workgroup");
+  gtk_widget_set_name(lblSMB2, "lblSMB2");
+  gtk_widget_show(lblSMB2);
+  gtk_frame_set_label_widget(GTK_FRAME(fraSMB2), lblSMB2);
+
  frame7 = gtk_frame_new(NULL);
  gtk_widget_set_name(frame7, "frame7");
  gtk_widget_show(frame7);
@ -1164,6 +1167,7 @@ GtkWidget *create_wndMain(void) {
  GLADE_HOOKUP_OBJECT(wndMain, label4, "label4");
  GLADE_HOOKUP_OBJECT(wndMain, statusbar, "statusbar");
  GLADE_HOOKUP_OBJECT_NO_REF(wndMain, tooltips, "tooltips");
+  GLADE_HOOKUP_OBJECT(wndMain, entSMB2Workgroup, "entSMB2Workgroup");

  gtk_window_add_accel_group(GTK_WINDOW(wndMain), accel_group);

--- a/hydra-gtk/src/main.c
+++ b/hydra-gtk/src/main.c
@ -8,19 +8,23 @@
 #include <config.h>
 #endif

-#include <gtk/gtk.h>
-#include <string.h>
+#include "callbacks.h"
 #include "interface.h"
 #include "support.h"
-#include "callbacks.h"
+#include <gtk/gtk.h>
+#include <string.h>

 char *hydra_path1 = "./hydra";
 char *hydra_path2 = "/usr/local/bin/hydra";
 char *hydra_path3 = "/usr/bin/hydra";
+char *hydra_path4 = "/data/data/com.termux/files/usr/bin/hydra";
+char *hydra_path5 = "/data/data/com.termux/files/usr/local/bin/hydra";

+GtkWidget *wndMain;
+char *HYDRA_BIN;
+guint message_id;

 int main(int argc, char *argv[]) {
-  extern GtkWidget *wndMain;
  int i;
  extern guint message_id;
  GtkWidget *output;
@ -51,6 +55,10 @@ int main(int argc, char *argv[]) {
    HYDRA_BIN = hydra_path2;
  } else if (g_file_test(hydra_path3, G_FILE_TEST_IS_EXECUTABLE)) {
    HYDRA_BIN = hydra_path3;
+  } else if (g_file_test(hydra_path4, G_FILE_TEST_IS_EXECUTABLE)) {
+    HYDRA_BIN = hydra_path4;
+  } else if (g_file_test(hydra_path5, G_FILE_TEST_IS_EXECUTABLE)) {
+    HYDRA_BIN = hydra_path5;
  } else {
    g_error("Please tell me where hydra is, use --hydra-path\n");
    return -1;
@ -60,7 +68,6 @@ int main(int argc, char *argv[]) {
  wndMain = create_wndMain();
  gtk_widget_show(wndMain);

-
  /* if we can't use the new cool file chooser, the save button gets disabled */
 #ifndef GTK_TYPE_FILE_CHOOSER
  GtkWidget *btnSave;
@ -69,7 +76,6 @@ int main(int argc, char *argv[]) {
  gtk_widget_set_sensitive(btnSave, FALSE);
 #endif

-
  /* update the statusbar every now and then */
  g_timeout_add(600, update_statusbar, NULL);

--- a/hydra-gtk/src/support.c
+++ b/hydra-gtk/src/support.c
@ -7,11 +7,11 @@
 #include <config.h>
 #endif

-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <string.h>
 #include <stdio.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>

 #include <gtk/gtk.h>

@ -41,9 +41,7 @@ GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) {
 static GList *pixmaps_directories = NULL;

 /* Use this function to set the directory containing installed pixmaps. */
-void add_pixmap_directory(const gchar * directory) {
-  pixmaps_directories = g_list_prepend(pixmaps_directories, g_strdup(directory));
-}
+void add_pixmap_directory(const gchar *directory) { pixmaps_directories = g_list_prepend(pixmaps_directories, g_strdup(directory)); }

 /* This is an internally used function to find pixmap files. */
 static gchar *find_pixmap_file(const gchar *filename) {
@ -52,8 +50,7 @@ static gchar *find_pixmap_file(const gchar * filename) {
  /* We step through each of the pixmaps directory to find it. */
  elem = pixmaps_directories;
  while (elem) {
-    gchar *pathname = g_strdup_printf("%s%s%s", (gchar *) elem->data,
-                                      G_DIR_SEPARATOR_S, filename);
+    gchar *pathname = g_strdup_printf("%s%s%s", (gchar *)elem->data, G_DIR_SEPARATOR_S, filename);

    if (g_file_test(pathname, G_FILE_TEST_EXISTS))
      return pathname;
--- a/hydra-gtk/src/support.h
+++ b/hydra-gtk/src/support.h
@ -21,11 +21,9 @@
 */
 GtkWidget *lookup_widget(GtkWidget *widget, const gchar *widget_name);

-
 /* Use this function to set the directory containing installed pixmaps. */
 void add_pixmap_directory(const gchar *directory);

-
 /*
 * Private Functions.
 */
@ -39,7 +37,6 @@ GdkPixbuf *create_pixbuf(const gchar * filename);
 /* This is used to set ATK action descriptions. */
 void glade_set_atk_action_description(AtkAction *action, const gchar *action_name, const gchar *description);

-
-GtkWidget *wndMain;
-char *HYDRA_BIN;
-guint message_id;
+extern GtkWidget *wndMain;
+extern char *HYDRA_BIN;
+extern guint message_id;
--- a/hydra-http-form.c
+++ b/hydra-http-form.c
--- a/hydra-http-proxy-urlenum.c
+++ b/hydra-http-proxy-urlenum.c
@ -28,17 +28,17 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
    ptr++;
  strncpy(mhost, ptr, sizeof(mhost) - 1);
  mhost[sizeof(mhost) - 1] = 0;
-  if ((ptr = index(mhost, '/')) != NULL)
+  if ((ptr = strchr(mhost, '/')) != NULL)
    *ptr = 0;
-  if ((ptr = index(mhost, ']')) != NULL)
+  if ((ptr = strchr(mhost, ']')) != NULL)
    *ptr = 0;
-  else if ((ptr = index(mhost, ':')) != NULL)
+  else if ((ptr = strchr(mhost, ':')) != NULL)
    *ptr = 0;

-  if (miscptr != NULL && index(miscptr, ':') != NULL) {
+  if (miscptr != NULL && strchr(miscptr, ':') != NULL) {
    strncpy(mlogin, miscptr, sizeof(mlogin) - 1);
    mlogin[sizeof(mlogin) - 1] = 0;
-    ptr = index(mlogin, ':');
+    ptr = strchr(mlogin, ':');
    *ptr++ = 0;
    strncpy(mpass, ptr, sizeof(mpass) - 1);
    mpass[sizeof(mpass) - 1] = 0;
@ -75,7 +75,10 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
      http_proxy_auth_mechanism = AUTH_BASIC;
      sprintf(buffer2, "%.50s:%.50s", login, pass);
      hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
-      sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header);
+      sprintf(buffer,
+              "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic "
+              "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
+              url, host, buffer2, header);
      if (debug)
        hydra_report(stderr, "C:%s\n", buffer);
      if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
@ -105,14 +108,18 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha

        http_proxy_auth_mechanism = AUTH_NTLM;
        // send auth and receive challenge
-        //send auth request: let the server send it's own hostname and domainname
+        // send auth request: let the server send it's own hostname and
+        // domainname
        buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL);
        to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2));

-        /* to be portable, no snprintf, buffer is big enough so it can't overflow */
+        /* to be portable, no snprintf, buffer is big enough so it can't
+         * overflow */
        // send the first..
-        sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1,
-                header);
+        sprintf(buffer,
+                "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: "
+                "Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n",
+                url, host, buf1, header);
        if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
          return 1;

@ -143,8 +150,10 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
        // Send response
        buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL);
        to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));
-        sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1,
-                header);
+        sprintf(buffer,
+                "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: "
+                "Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n",
+                url, host, buf1, header);
        if (debug)
          hydra_report(stderr, "C:%s\n", buffer);
        if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
@ -161,7 +170,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
      } else {
 #ifdef LIBOPENSSL
        if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) {
-          char *pbuffer;
+          char *pbuffer, *result;

          http_proxy_auth_mechanism = AUTH_DIGESTMD5;
          pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest ");
@ -169,8 +178,8 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
          buffer[sizeof(buffer) - 1] = '\0';

          pbuffer = buffer2;
-          sasl_digest_md5(pbuffer, login, pass, buffer, miscptr, "proxy", host, 0, header);
-          if (pbuffer == NULL)
+          result = sasl_digest_md5(pbuffer, login, pass, buffer, miscptr, "proxy", host, 0, header);
+          if (result == NULL)
            return 3;

          if (debug)
@ -206,7 +215,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha
    }
  }
  // result analysis
-  ptr = ((char *) index(buf, ' ')) + 1;
+  ptr = ((char *)strchr(buf, ' ')) + 1;
  if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) {
    hydra_report_found_host(port, ip, "http-proxy", fp);
    if (fp != stdout)
@ -256,7 +265,8 @@ void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, cha
        port = mysslport;
      }
      if (sock < 0) {
-          if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
+        if (quiet != 1)
+          fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
        hydra_child_exit(1);
      }
      next_run = 2;
@ -293,8 +303,12 @@ int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char opti
 }

 void usage_http_proxy_urlenum(const char *service) {
-  printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n"
+  printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P "
+         "option.\n"
         "The -L loginfile must contain the URL list to try through the proxy.\n"
         "The proxy credentials cann be put as the optional parameter, e.g.\n"
-         "   hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" "   hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n");
+         "   hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum "
+         "user:pass\n"
+         "   hydra -L urllist.txt "
+         "http-proxy-urlenum://target.com:3128/user:pass\n\n");
 }
--- a/hydra-http-proxy.c
+++ b/hydra-http-proxy.c
@ -7,10 +7,10 @@ char *http_proxy_buf = NULL;

 int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) {
  char *empty = "";
-  char *login, *pass, buffer[500], buffer2[500];
-  char url[210], host[60];
+  char *login, *pass, buffer[5000], buffer2[4500];
+  char url[510], host[60];
  char *header = ""; /* XXX TODO */
-  char *ptr, *fooptr;
+  char *ptr, *fooptr, *auth_hdr;

  if (strlen(login = hydra_get_next_login()) == 0)
    login = empty;
@ -21,12 +21,12 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
    strcpy(url, "http://www.microsoft.com/");
    strcpy(host, "Host: www.microsoft.com\r\n");
  } else {
-    sprintf(url, "%.200s", miscptr);
+    sprintf(url, "%.500s", miscptr);
    ptr = strstr(miscptr, "://"); // :// check is in hydra.c
    sprintf(host, "Host: %.50s", ptr + 3);
-    if ((ptr = index(host, '/')) != NULL)
+    if ((ptr = strchr(host, '/')) != NULL)
      *ptr = 0;
-    if ((ptr = index(host + 6, ':')) != NULL && host[0] != '[')
+    if ((ptr = strchr(host + 6, ':')) != NULL && host[0] != '[')
      *ptr = 0;
    strcat(host, "\r\n");
  }
@ -50,24 +50,24 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
      return 3;
    }

-    if (debug)
-      hydra_report(stderr, "S:%s\n", http_proxy_buf);
+    if (debug) {
+      hydra_report(stderr, "S:%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), http_proxy_buf);
+    }

-    free(http_proxy_buf);
-    http_proxy_buf = hydra_receive_line(s);
-    while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) {
+    while (http_proxy_buf != NULL && (auth_hdr = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:")) == NULL) {
      free(http_proxy_buf);
      http_proxy_buf = hydra_receive_line(s);
    }

-    if (http_proxy_buf == NULL) {
+    if (auth_hdr == NULL) {
      if (verbose)
        hydra_report(stderr, "[ERROR] Proxy seems not to require authentication\n");
      return 3;
    }

-    if (debug)
-      hydra_report(stderr, "S:%s\n", http_proxy_buf);
+    if (debug) {
+      hydra_report(stderr, "S:%-.*s\n", (int)(strchr(auth_hdr, '\r') - auth_hdr), auth_hdr);
+    }

    // after the first query we should have been disconnected from web server
    s = hydra_disconnect(s);
@ -78,11 +78,15 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
    }
  }

-  if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Basic") != NULL) {
+  if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(auth_hdr, "Proxy-Authenticate: Basic") != NULL) {
    http_proxy_auth_mechanism = AUTH_BASIC;
+    auth_hdr = NULL;
    sprintf(buffer2, "%.50s:%.50s", login, pass);
    hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
-    sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header);
+    sprintf(buffer,
+            "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: "
+            "Mozilla/4.0 (Hydra)\r\n%s\r\n",
+            url, host, buffer2, header);
    if (debug)
      hydra_report(stderr, "C:%s\n", buffer);
    if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
@ -102,24 +106,29 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
      return 3;
    }

-    if (debug)
-      hydra_report(stderr, "S:%s\n", http_proxy_buf);
+    if (debug) {
+      hydra_report(stderr, "S:%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), http_proxy_buf);
+    }
  } else {
-    if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM") != NULL) {
-
+    if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(auth_hdr, "Proxy-Authenticate: NTLM") != NULL) {
      unsigned char buf1[4096];
      unsigned char buf2[4096];
      char *pos = NULL;

      http_proxy_auth_mechanism = AUTH_NTLM;
+      auth_hdr = NULL;
      // send auth and receive challenge
      // send auth request: let the server send it's own hostname and domainname
      buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL);
      to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2));

-      /* to be portable, no snprintf, buffer is big enough so it can't overflow */
+      /* to be portable, no snprintf, buffer is big enough so it can't overflow
+       */
      // send the first..
-      sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header);
+      sprintf(buffer,
+              "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: "
+              "Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n",
+              url, host, buf1, header);
      if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
        return 3;

@ -151,7 +160,10 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
      // Send response
      buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL);
      to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));
-      sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header);
+      sprintf(buffer,
+              "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: "
+              "Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n",
+              url, host, buf1, header);
      if (debug)
        hydra_report(stderr, "C:%s\n", buffer);
      if (hydra_send(s, buffer, strlen(buffer), 0) < 0)
@ -169,19 +181,19 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
        return 3;
    } else {
 #ifdef LIBOPENSSL
-      if (hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest") != NULL) {
-
-        char *pbuffer;
+      if (hydra_strcasestr(auth_hdr, "Proxy-Authenticate: Digest") != NULL) {
+        char *pbuffer, *result;

        http_proxy_auth_mechanism = AUTH_DIGESTMD5;
+        auth_hdr = NULL;
        pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest ");
        strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer));
        buffer[sizeof(buffer) - 1] = '\0';
        pbuffer = NULL;

        fooptr = buffer2;
-        sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "proxy", host, 0, header);
-        if (fooptr == NULL)
+        result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "proxy", host, 0, header);
+        if (result == NULL)
          return 3;

        if (debug)
@ -196,8 +208,9 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
          http_proxy_buf = hydra_receive_line(s);
        }

-        if (debug && http_proxy_buf != NULL)
-          hydra_report(stderr, "S:%s\n", http_proxy_buf);
+        if (debug && http_proxy_buf != NULL) {
+          hydra_report(stderr, "S:%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), http_proxy_buf);
+        }

        if (http_proxy_buf == NULL)
          return 3;
@ -205,9 +218,10 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
      } else
 #endif
      {
-        if (http_proxy_buf != NULL) {
+        if (auth_hdr != NULL) {
          //          buf[strlen(http_proxy_buf) - 1] = '\0';
-          hydra_report(stderr, "Unsupported Auth type:\n%s\n", http_proxy_buf);
+          hydra_report(stderr, "Unsupported Auth type:\n%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - auth_hdr), auth_hdr);
+          auth_hdr = NULL;
          free(http_proxy_buf);
          http_proxy_buf = NULL;
        } else {
@ -218,15 +232,15 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
    }
  }

-  ptr = ((char *) index(http_proxy_buf, ' ')) + 1;
-  if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2')) {
+  ptr = ((char *)strchr(http_proxy_buf, ' ')) + 1;
+  if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2') || (*ptr == '4' && *(ptr + 2) == '4')) {
    hydra_report_found_host(port, ip, "http-proxy", fp);
    hydra_completed_pair_found();
    free(http_proxy_buf);
    http_proxy_buf = NULL;
  } else {
    if (*ptr != '4')
-      hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char) *(index(http_proxy_buf, ' ') + 1), login, pass);
+      hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char)*(strchr(http_proxy_buf, ' ') + 1), login, pass);
    else if (verbose && *(ptr + 2) == '3')
      hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass);
    hydra_completed_pair();
@ -277,7 +291,8 @@ void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscp
      }

      if (sock < 0) {
-          if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
+        if (quiet != 1)
+          fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
        hydra_child_exit(1);
      }
      next_run = 2;
@ -315,5 +330,7 @@ int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, cha

 void usage_http_proxy(const char *service) {
  printf("Module http-proxy is optionally taking the page to authenticate at.\n"
-         "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n");
+         "Default is http://www.microsoft.com/)\n"
+         "Basic, DIGEST-MD5 and NTLM are supported and negotiated "
+         "automatically.\n\n");
 }
--- a/hydra-http.c
+++ b/hydra-http.c
@ -5,7 +5,12 @@ extern char *HYDRA_EXIT;
 char *webtarget = NULL;
 char *slash = "/";
 char *http_buf = NULL;
-int32_t webport, freemischttp = 0;
+
+#define END_CONDITION_MAX_LEN 100
+static char end_condition[END_CONDITION_MAX_LEN];
+int end_condition_type = -1;
+
+int32_t webport;
 int32_t http_auth_mechanism = AUTH_UNASSIGNED;

 int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *type, ptr_header_node ptr_head) {
@ -46,14 +51,24 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha

    /* again: no snprintf to be portable. don't worry, buffer can't overflow */
    if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
-      sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
-              type, webtarget, webport, miscptr, webtarget, buffer2, proxy_authentication[selected_proxy], header);
+      sprintf(buffer,
+              "%s http://%s%.250s HTTP/1.1\r\nHost: %s\r\nConnection: "
+              "close\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic "
+              "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
+              type, webtarget, miscptr, webtarget, buffer2, proxy_authentication[selected_proxy], header);
    else {
      if (use_proxy == 1)
-        sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
-                type, webtarget, webport, miscptr, webtarget, buffer2, header);
+        sprintf(buffer,
+                "%s http://%s%.250s HTTP/1.1\r\nHost: %s\r\nConnection: "
+                "close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 "
+                "(Hydra)\r\n%s\r\n",
+                type, webtarget, miscptr, webtarget, buffer2, header);
      else
-        sprintf(buffer, "%s %.250s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget, buffer2, header);
+        sprintf(buffer,
+                "%s %.250s HTTP/1.1\r\nHost: %s\r\nConnection: "
+                "close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 "
+                "(Hydra)\r\n%s\r\n",
+                type, miscptr, webtarget, buffer2, header);
    }
    if (debug)
      hydra_report(stderr, "C:%s\n", buffer);
@ -61,15 +76,15 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha

 #ifdef LIBOPENSSL
  case AUTH_DIGESTMD5: {
-      char *pbuffer;
+    char *pbuffer, *result;

    pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest ");
    strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), buffer_size - 1);
    buffer[buffer_size - 1] = '\0';

    fooptr = buffer2;
-      sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header);
-      if (fooptr == NULL) {
+    result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header);
+    if (result == NULL) {
      free(buffer);
      free(header);
      return 3;
@ -78,8 +93,7 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
    if (debug)
      hydra_report(stderr, "C:%s\n", buffer2);
    strcpy(buffer, buffer2);
-    }
-    break;
+  } break;
 #endif

  case AUTH_NTLM: {
@ -96,15 +110,21 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
    // send the first..
    if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
      sprintf(buffer,
-                "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
-                type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
+              "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
+              "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 "
+              "(Hydra)\r\n%s\r\n",
+              type, webtarget, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
    else {
      if (use_proxy == 1)
-          sprintf(buffer, "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
-                  type, webtarget, webport, miscptr, webtarget, buf1, header);
+        sprintf(buffer,
+                "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
+                "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
+                type, webtarget, miscptr, webtarget, buf1, header);
      else
-          sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget,
-                  buf1, header);
+        sprintf(buffer,
+                "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
+                "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
+                type, miscptr, webtarget, buf1, header);
    }

    if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
@ -154,21 +174,26 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
    // create the auth response
    if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL)
      sprintf(buffer,
-                "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
-                type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
+              "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
+              "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 "
+              "(Hydra)\r\n%s\r\n",
+              type, webtarget, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header);
    else {
      if (use_proxy == 1)
-          sprintf(buffer, "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
-                  type, webtarget, webport, miscptr, webtarget, buf1, header);
+        sprintf(buffer,
+                "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
+                "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
+                type, webtarget, miscptr, webtarget, buf1, header);
      else
-          sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget,
-                  buf1, header);
+        sprintf(buffer,
+                "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM "
+                "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n",
+                type, miscptr, webtarget, buf1, header);
    }

    if (debug)
      hydra_report(stderr, "C:%s\n", buffer);
-    }
-    break;
+  } break;
  }

  if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
@ -183,8 +208,9 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
  complete_line = 0;
  tmpreplybuf[0] = 0;

-  while (http_buf != NULL && (strstr(http_buf, "HTTP/1.") == NULL || (index(http_buf, '\n') == NULL && complete_line == 0))) {
-    if (debug) printf("il: %d, tmpreplybuf: %s, http_buf: %s\n", complete_line, tmpreplybuf, http_buf);
+  while (http_buf != NULL && (strstr(http_buf, "HTTP/1.") == NULL || (strchr(http_buf, '\n') == NULL && complete_line == 0))) {
+    if (debug)
+      printf("il: %d, tmpreplybuf: %s, http_buf: %s\n", complete_line, tmpreplybuf, http_buf);
    if (tmpreplybuf[0] == 0 && strstr(http_buf, "HTTP/1.") != NULL) {
      strncpy(tmpreplybuf, http_buf, sizeof(tmpreplybuf) - 1);
      tmpreplybuf[sizeof(tmpreplybuf) - 1] = 0;
@ -197,7 +223,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
        strcat(tmpreplybufptr, http_buf);
        free(http_buf);
        http_buf = tmpreplybufptr;
-        if (debug) printf("http_buf now: %s\n", http_buf);
+        if (debug)
+          printf("http_buf now: %s\n", http_buf);
      }
    } else {
      free(http_buf);
@ -218,12 +245,24 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
  if (debug)
    hydra_report(stderr, "S:%s\n", http_buf);

-  ptr = ((char *) index(http_buf, ' '));
+  ptr = ((char *)strchr(http_buf, ' '));
  if (ptr != NULL)
    ptr++;
  if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) {
+#ifdef HAVE_PCRE
+    if (end_condition_type >= 0 && hydra_string_match(http_buf, end_condition) != end_condition_type) {
+#else
+    if (end_condition_type >= 0 && (strstr(http_buf, end_condition) == NULL ? 0 : 1) != end_condition_type) {
+#endif
+      if (debug)
+        hydra_report(stderr, "End condition not match continue.\n");
+      hydra_completed_pair();
+    } else {
+      if (debug)
+        hydra_report(stderr, "END condition %s match.\n", end_condition);
      hydra_report_found_host(port, ip, "www", fp);
      hydra_completed_pair_found();
+    }
    if (http_buf != NULL) {
      free(http_buf);
      http_buf = NULL;
@ -260,10 +299,12 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
  }
  //  free(http_buf);
  //  http_buf = NULL;
+
  free(buffer);
  free(header);
  if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
    return 3;
+
  return 1;
 }

@ -272,33 +313,16 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
  int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL;
  char *ptr, *ptr2;
  ptr_header_node ptr_head = NULL;
+#ifdef AF_INET6
+  unsigned char addr6[sizeof(struct in6_addr)];
+#endif

  hydra_register_socket(sp);
  if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
    return;

-  if ((webtarget = strstr(miscptr, "://")) != NULL) {
-    webtarget += strlen("://");
-    if ((ptr2 = index(webtarget, ':')) != NULL) {       /* step over port if present */
-      *ptr2 = 0;
-      ptr2++;
-      ptr = ptr2;
-      if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL)
-        miscptr = ptr;
-      else
-        miscptr = slash;        /* to make things easier to user */
-    } else if ((ptr2 = index(webtarget, '/')) != NULL) {
-      miscptr = malloc(strlen(ptr2) + 1);
-      freemischttp = 1;
-      strcpy(miscptr, ptr2);
-      *ptr2 = 0;
-    } else
-      webtarget = hostname;
-  } else
  if (strlen(miscptr) == 0)
    miscptr = strdup("/");
-  if (webtarget == NULL)
-    webtarget = hostname;
  if (port != 0)
    webport = port;
  else if ((options & OPTION_SSL) == 0)
@ -306,6 +330,27 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
  else
    webport = mysslport;

+  /* normalise the webtarget for ipv6/port number */
+  webtarget = malloc(strlen(hostname) + 1 /* null */ + 6 /* :65535  */
+#ifdef AF_INET6
+                     + 2 /* [] */
+#endif
+  );
+#ifdef AF_INET6
+  /* let libc decide if target is an ipv6 address */
+  if (inet_pton(AF_INET6, hostname, addr6)) {
+    ptr = webtarget + sprintf(webtarget, "[%s]", hostname);
+  } else {
+#endif
+    ptr = webtarget + sprintf(webtarget, "%s", hostname);
+#ifdef AF_INET6
+  }
+#endif
+  if (options & OPTION_SSL && webport != PORT_HTTP_SSL || !(options & OPTION_SSL) && webport != PORT_HTTP) {
+    sprintf(ptr, ":%d", webport);
+  }
+  ptr = NULL;
+
  /* Advance to options string */
  ptr = miscptr;
  while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
@ -314,7 +359,8 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
    *ptr++ = 0;
  optional1 = ptr;

-  if (!parse_options(optional1, &ptr_head)) // this function is in hydra-http-form.c !!
+  if (!parse_options(optional1,
+                     &ptr_head)) // this function is in hydra-http-form.c !!
    run = 4;

  if (http_auth_mechanism == AUTH_UNASSIGNED)
@ -339,9 +385,8 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
        port = mysslport;
      }
      if (sock < 0) {
-          if (freemischttp)
-            free(miscptr);
-          if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
+        if (quiet != 1)
+          fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
        hydra_child_exit(1);
      }
      next_run = 2;
@ -353,13 +398,9 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
    case 3: /* clean exit */
      if (sock >= 0)
        sock = hydra_disconnect(sock);
-      if (freemischttp)
-        free(miscptr);
      hydra_child_exit(0);
      return;
    default:
-      if (freemischttp)
-        free(miscptr);
      fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
      hydra_child_exit(0);
    }
@ -367,17 +408,11 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
  }
 }

-void service_http_get(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
-  service_http(ip, sp, options, miscptr, fp, port, hostname, "GET");
-}
+void service_http_get(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "GET"); }

-void service_http_post(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
-  service_http(ip, sp, options, miscptr, fp, port, hostname, "POST");
-}
+void service_http_post(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "POST"); }

-void service_http_head(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
-  service_http(ip, sp, options, miscptr, fp, port, hostname, "HEAD");
-}
+void service_http_head(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "HEAD"); }

 int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
  // called before the childrens are forked off, so this is the function
@ -390,13 +425,61 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis
  //   0 all OK
  //   -1  error, hydra will exit, so print a good error message here

+  /*POU CODE */
+  char *start = strstr(miscptr, "F=");
+  if (start == NULL)
+    start = strstr(miscptr, "S=");
+
+  if (start != NULL) {
+    if (start[0] == 'F')
+      end_condition_type = 0;
+    else
+      end_condition_type = 1;
+
+    int condition_len = strlen(start);
+    memset(end_condition, 0, END_CONDITION_MAX_LEN);
+    if (condition_len >= END_CONDITION_MAX_LEN) {
+      hydra_report(stderr, "Condition string cannot be bigger than %u.", END_CONDITION_MAX_LEN);
+      return -1;
+    }
+    // copy condition witout starting string (F= or S=  2char)
+    strncpy(end_condition, start + 2, condition_len - 2);
+    if (debug)
+      hydra_report(stderr, "End condition is %s, mod is %d\n", end_condition, end_condition_type);
+
+    if (*(start - 1) == ' ')
+      start--;
+    memset(start, '\0', condition_len);
+    if (debug)
+      hydra_report(stderr, "Modified options:%s\n", miscptr);
+  } else {
+    if (debug)
+      hydra_report(stderr, "Condition not found\n");
+  }
+
  return 0;
 }

 void usage_http(const char *service) {
  printf("Module %s requires the page to authenticate.\n"
         "The following parameters are optional:\n"
-         " (a|A)=auth-type   specify authentication mechanism to use: BASIC, NTLM or MD5\n"
-         " (h|H)=My-Hdr\\: foo   to send a user defined HTTP header with each request\n"
-         "For example:  \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", service);
+         " (a|A)=auth-type   specify authentication mechanism to use: BASIC, "
+         "NTLM or MD5\n"
+         " (h|H)=My-Hdr\\: foo   to send a user defined HTTP header with each "
+         "request\n"
+         " (F|S)=check for text in the HTTP reply. S= means if this text is "
+         "found, a\n"
+         "       valid account has been found, F= means if this string is "
+         "present the\n"
+         "       combination is invalid. Note: this must be the last option "
+         "supplied.\n"
+         "For example:  \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: "
+         "sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n"
+         "To attack multiple targets, you can use the -M option with a file "
+         "containing the targets and their parameters.\n"
+         "Example file content:\n"
+         "  localhost:5000/protected:A=BASIC\n"
+         "  localhost:5002/protected_path:A=NTLM\n"
+         "  ...\n\n",
+         service);
 }
--- a/hydra-icq.c
+++ b/hydra-icq.c
@ -4,32 +4,10 @@ extern char *HYDRA_EXIT;
 extern int32_t child_head_no;
 int32_t seq = 1;

-const unsigned char icq5_table[] = {
-  0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C,
-  0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F,
-  0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50,
-  0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64,
-  0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C,
-  0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48, 0x33, 0x31,
-  0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48,
-  0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A,
-  0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F,
-  0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64,
-  0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50,
-  0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35, 0x5A, 0x4A, 0x62, 0x66,
-  0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58,
-  0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C,
-  0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44,
-  0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C,
-  0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59,
-  0x60, 0x57, 0x5B, 0x3D, 0x3E, 0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A,
-  0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B,
-  0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67,
-  0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D,
-  0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43,
-  0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35,
-  0x5A, 0x00, 0x00
-};
+const unsigned char icq5_table[] = {0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C, 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F, 0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64, 0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48,
+                                    0x33, 0x31, 0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A, 0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35,
+                                    0x5A, 0x4A, 0x62, 0x66, 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44, 0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x3E,
+                                    0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A, 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67, 0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D, 0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35, 0x5A, 0x00, 0x00};

 void fix_packet(char *buf, int32_t len) {
  unsigned long c1, c2;
@ -188,7 +166,8 @@ int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE * output, char *mis
      break;
    }

-/*       if((buf[2] != 10 || buf[3] != 0) && (buf[2] != 250 || buf[3] != 0)) */
+    /*       if((buf[2] != 10 || buf[3] != 0) && (buf[2] != 250 || buf[3] != 0))
+     */
  }

  if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -221,7 +200,8 @@ void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
        sock = hydra_disconnect(sock);
      sock = hydra_connect_udp(ip, myport);
      if (sock < 0) {
-        if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
+        if (quiet != 1)
+          fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
        hydra_child_exit(1);
      }
      next_run = 2;
@ -233,9 +213,11 @@ void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
      if (sock >= 0)
        sock = hydra_disconnect(sock);
      hydra_child_exit(2);
+      break;
    default:
      fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n");
      hydra_child_exit(2);
+      break;
    }
    run = next_run;
  }
--- a/hydra-imap.c
+++ b/hydra-imap.c
@ -20,7 +20,8 @@ char *imap_read_server_capacity(int32_t sock) {
      if (strstr(buf, "CAPABILITY") != NULL && buf[0] == '*') {
        resp = 1;
        usleepn(300);
-        /* we got the capability info then get the completed warning info from server */
+        /* we got the capability info then get the completed warning info from
+         * server */
        while (hydra_data_ready(sock)) {
          free(buf);
          buf = hydra_receive_line(sock);
@ -40,7 +41,7 @@ char *imap_read_server_capacity(int32_t sock) {
 }

 int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
-  char *empty = "";
+  char *empty = "", *result = NULL;
  char *login, *pass, buffer[500], buffer2[500], *fooptr;

  if (strlen(login = hydra_get_next_login()) == 0)
@ -103,7 +104,9 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha
    free(buf);

    memset(buffer2, 0, sizeof(buffer2));
-    sasl_plain(buffer2, login, pass);
+    result = sasl_plain(buffer2, login, pass);
+    if (result == NULL)
+      return 3;
    sprintf(buffer, "%.250s\r\n", buffer2);
    break;

@ -120,7 +123,6 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha
    }

    switch (imap_auth_mechanism) {
-
    case AUTH_CRAMMD5:
      sprintf(buffer, "%d AUTHENTICATE CRAM-MD5\r\n", counter);
      break;
@ -161,20 +163,23 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha

    switch (imap_auth_mechanism) {
    case AUTH_CRAMMD5: {
-          sasl_cram_md5(buffer2, pass, buffer);
+      result = sasl_cram_md5(buffer2, pass, buffer);
+      if (result == NULL)
+        return 3;
      sprintf(buffer, "%s %.250s", preplogin, buffer2);
-        }
-        break;
+    } break;
    case AUTH_CRAMSHA1: {
-          sasl_cram_sha1(buffer2, pass, buffer);
+      result = sasl_cram_sha1(buffer2, pass, buffer);
+      if (result == NULL)
+        return 3;
      sprintf(buffer, "%s %.250s", preplogin, buffer2);
-        }
-        break;
+    } break;
    case AUTH_CRAMSHA256: {
-          sasl_cram_sha256(buffer2, pass, buffer);
+      result = sasl_cram_sha256(buffer2, pass, buffer);
+      if (result == NULL)
+        return 3;
      sprintf(buffer, "%s %.250s", preplogin, buffer2);
-        }
-        break;
+    } break;
    }
    hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer));

@ -183,8 +188,7 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha
    strcpy(buffer, tmp_buffer);

    free(preplogin);
-    }
-    break;
+  } break;
  case AUTH_DIGESTMD5: {
    sprintf(buffer, "%d AUTHENTICATE DIGEST-MD5\r\n", counter);

@ -206,16 +210,15 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha
      hydra_report(stderr, "DEBUG S: %s\n", buffer);

    fooptr = buffer2;
-      sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL);
-      if (fooptr == NULL)
+    result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL);
+    if (result == NULL)
      return 3;
    if (debug)
      hydra_report(stderr, "DEBUG C: %s\n", buffer2);
    hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
    sprintf(buffer, "%s\r\n", buffer2);

-    }
-    break;
+  } break;
  case AUTH_SCRAMSHA1: {
    char clientfirstmessagebare[200];
    char serverfirstmessage[200];
@ -267,16 +270,15 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha

      memset(buffer2, 0, sizeof(buffer2));
      fooptr = buffer2;
-        sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage);
-        if (fooptr == NULL) {
+      result = sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage);
+      if (result == NULL) {
        hydra_report(stderr, "[ERROR] Can't compute client response\n");
        return 1;
      }
      hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
      sprintf(buffer, "%s\r\n", buffer2);
    }
-    }
-    break;
+  } break;
 #endif
  case AUTH_NTLM: {
    unsigned char buf1[4096];
@ -320,8 +322,7 @@ int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, cha
    to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));

    sprintf(buffer, "%s\r\n", buf1);
-    }
-    break;
+  } break;
  default:
    // clear authentication
    sprintf(buffer, "%d LOGIN \"%.100s\" \"%.100s\"\r\n", counter, login, pass);
@ -415,14 +416,16 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
      }
 #ifdef LIBOPENSSL
      if (!disable_tls) {
-        /* check for STARTTLS, if available we may have access to more basic auth methods */
+        /* check for STARTTLS, if available we may have access to more basic
+         * auth methods */
        if (strstr(buf, "STARTTLS") != NULL) {
          hydra_send(sock, "2 STARTTLS\r\n", strlen("2 STARTTLS\r\n"), 0);
          counter++;
          free(buf);
          buf = hydra_receive_line(sock);
          if (buf == NULL || (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL)) {
-            hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
+            hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer "
+                                 "received from STARTTLS request\n");
          } else {
            free(buf);
            if ((hydra_connect_to_ssl(sock, hostname) == -1)) {
@ -444,7 +447,8 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
              hydra_child_exit(2);
          }
        } else
-          hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n");
+          hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is "
+                               "not supported by the server\n");
      }
 #endif

@ -487,7 +491,6 @@ void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
      free(buf);

      if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
-
        if (strstr(miscptr, "CLEAR"))
          imap_auth_mechanism = AUTH_CLEAR;

@ -588,5 +591,8 @@ int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *mis
 void usage_imap(const char *service) {
  printf("Module imap is optionally taking one authentication type of:\n"
         "  CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
-         "  CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n");
+         "  CRAM-SHA256, DIGEST-MD5, NTLM\n"
+         "Additionally TLS encryption via STARTTLS can be enforced with the "
+         "TLS option.\n\n"
+         "Example: imap://target/TLS:PLAIN\n");
 }
--- a/hydra-irc.c
+++ b/hydra-irc.c
@ -7,7 +7,6 @@ RFC 1459: Internet Relay Chat Protocol
 */

 extern char *HYDRA_EXIT;
-char *buf;
 char buffer[300] = "";
 int32_t myport = PORT_IRC, mysslport = PORT_IRC_SSL;

@ -106,10 +105,16 @@ int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options,
 #endif
    hydra_report_pass_found(port, ip, "irc", fp);
    hydra_completed_pair_found();
-    hydra_report(stderr, "[INFO] Server password '%s' is working, you can pass it as argument\nto irc module to then try login/password oper mode\n", pass);
+    hydra_report(stderr,
+                 "[INFO] Server password '%s' is working, you can pass it as "
+                 "argument\nto irc module to then try login/password oper mode\n",
+                 pass);
  } else {
    if (verbose && (miscptr != NULL))
-      hydra_report(stderr, "[VERBOSE] Server is requesting a general password, '%s' you entered is not working\n", miscptr);
+      hydra_report(stderr,
+                   "[VERBOSE] Server is requesting a general password, '%s' "
+                   "you entered is not working\n",
+                   miscptr);
    hydra_completed_pair();
  }

@ -181,10 +186,14 @@ void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
        hydra_child_exit(0);
      }

-      /* ERROR :Bad password is returned from ngircd when it s waiting for a server password */
+      /* ERROR :Bad password is returned from ngircd when it s waiting for a
+       * server password */
      if ((ret > 0) && (strstr(buffer, " 001 ") == NULL)) {
        /* seems we not successfully connected */
-        hydra_report(stderr, "[ERROR] should not be able to identify server msg, please report it\n%s\n", buffer);
+        hydra_report(stderr,
+                     "[ERROR] should not be able to identify server msg, "
+                     "please report it\n%s\n",
+                     buffer);
        hydra_child_exit(0);
      }

@ -224,5 +233,7 @@ int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *misc
 }

 void usage_irc(const char *service) {
-  printf("Module irc is optionally taking the general server password, if the server is requiring one, and if none is passed the password from -p/-P will be used\n\n");
+  printf("Module irc is optionally taking the general server password, if the "
+         "server is requiring one, and if none is passed the password from "
+         "-p/-P will be used\n\n");
 }
--- a/hydra-ldap.c
+++ b/hydra-ldap.c
@ -8,7 +8,7 @@ int32_t counter;
 int32_t tls_required = 0;

 int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char version, int32_t auth_method) {
-  char *empty = "";
+  char *empty = "", *result = NULL;
  char *login = "", *pass, *fooptr = "";
  unsigned char buffer[512];
  int32_t length = 0;
@ -123,8 +123,8 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha

    ptr = strstr((char *)buf, "<");
    fooptr = buf2;
-    sasl_cram_md5(fooptr, pass, ptr);
-    if (fooptr == NULL)
+    result = sasl_cram_md5(fooptr, pass, ptr);
+    if (result == NULL)
      return 1;
    counter++;
    if (strstr(miscptr, "^USER^") != NULL) {
@ -180,8 +180,8 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
      }

      fooptr = buffer2;
-      sasl_digest_md5(fooptr, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL);
-      if (fooptr == NULL) {
+      result = sasl_digest_md5(fooptr, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL);
+      if (result == NULL) {
        free(buf);
        return 3;
      }
@ -306,13 +306,19 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha

  if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 53) {
    if (verbose)
-      hydra_report(stderr, "[VERBOSE] Server unwilling to perform action, maybe deny by server config or too busy when tried login: %s   password: %s\n", login, pass);
+      hydra_report(stderr,
+                   "[VERBOSE] Server unwilling to perform action, maybe deny by server "
+                   "config or too busy when tried login: %s   password: %s\n",
+                   login, pass);
    free(buf);
    return 1;
  }

  if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 2) {
-    hydra_report(stderr, "[ERROR] Invalid protocol version, you tried ldap%c, better try ldap%c\n", version + '0', version == 2 ? '3' : '2');
+    hydra_report(stderr,
+                 "[ERROR] Invalid protocol version, you tried ldap%c, better "
+                 "try ldap%c\n",
+                 version + '0', version == 2 ? '3' : '2');
    free(buf);
    hydra_child_exit(2);
    sleep(1);
@ -335,7 +341,6 @@ int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, cha
      }
    }
  } else {
-
    if (buf[9] != 49 && buf[9] != 2 && buf[9] != 53) {
      hydra_report(stderr, "[ERROR] Uh, unknown LDAP response! Please report this: \n");
      print_hex((unsigned char *)buf, 24);
@ -382,8 +387,10 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
      }
      counter = 1;
      if (tls_required) {
-        /* Start TLS operation OID = 1.3.6.1.4.1.1466.20037 according to RFC 2830 */
-        char confidentiality_required[] = "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37";
+        /* Start TLS operation OID = 1.3.6.1.4.1.1466.20037 according to RFC
+         * 2830 */
+        char confidentiality_required[] = "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31"
+                                          "\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37";

        if (hydra_send(sock, confidentiality_required, strlen(confidentiality_required), 0) < 0)
          hydra_child_exit(1);
@ -393,6 +400,7 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI

        if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) {
          /* TLS option negociation goes well, now trying to connect */
+          free(buf);
          if ((hydra_connect_to_ssl(sock, hostname) == -1) && verbose) {
            hydra_report(stderr, "[ERROR] Can't use TLS\n");
            hydra_child_exit(1);
@ -403,6 +411,7 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
          }
        } else {
          hydra_report(stderr, "[ERROR] Can't use TLS %s\n", buf);
+          free(buf);
          hydra_child_exit(1);
        }
      }
@ -425,21 +434,13 @@ void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
  }
 }

-void service_ldap2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
-  service_ldap(ip, sp, options, miscptr, fp, port, hostname, 2, AUTH_CLEAR);
-}
+void service_ldap2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 2, AUTH_CLEAR); }

-void service_ldap3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
-  service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CLEAR);
-}
+void service_ldap3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CLEAR); }

-void service_ldap3_cram_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
-  service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CRAMMD5);
-}
+void service_ldap3_cram_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CRAMMD5); }

-void service_ldap3_digest_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
-  service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_DIGESTMD5);
-}
+void service_ldap3_digest_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_DIGESTMD5); }

 int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
  // called before the childrens are forked off, so this is the function
@ -452,7 +453,8 @@ int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *mis
  //   0 all OK
  //   -1  error, hydra will exit, so print a good error message here
  if (miscptr != NULL && strlen(miscptr) > 220) {
-    fprintf(stderr, "[ERROR] the option string to this module may not be larger than 220 bytes\n");
+    fprintf(stderr, "[ERROR] the option string to this module may not be "
+                    "larger than 220 bytes\n");
    return -1;
  }

@ -460,12 +462,18 @@ int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *mis
 }

 void usage_ldap(const char *service) {
-  printf("Module %s is optionally taking the DN (depending of the auth method choosed\n"
-         "Note: you can also specify the DN as login when Simple auth method is used).\n"
+  printf("Module %s is optionally taking the DN (depending of the auth method "
+         "choosed\n"
+         "Note: you can also specify the DN as login when Simple auth method "
+         "is used).\n"
         "The keyword \"^USER^\" is replaced with the login.\n"
-         "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n"
-         "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n"
+         "Special notes for Simple method has 3 operation modes: anonymous, "
+         "(no user no pass),\n"
+         "unauthenticated (user but no pass), user/pass authenticated (user "
+         "and pass).\n"
         "So don't forget to set empty string as user/pass to test all modes.\n"
-         "Hint: to authenticate to a windows active directory ldap, this is usually\n"
-         " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", service);
+         "Hint: to authenticate to a windows active directory ldap, this is "
+         "usually\n"
+         " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n",
+         service);
 }
--- a/hydra-memcached.c
+++ b/hydra-memcached.c
@ -8,13 +8,12 @@
 #include "hydra-mod.h"

 #ifndef LIBMCACHED
-void dummy_mcached() {
-  printf("\n");
-}
+void dummy_mcached() { printf("\n"); }
 #else

 extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);

+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;

 int mcached_send_com_quit(int32_t sock) {
@ -33,8 +32,6 @@ int mcached_send_com_version(int32_t sock) {
  return 0;
 }

-
-
 int32_t start_mcached(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
  char *empty = "";
  char *login, *pass;
@ -121,13 +118,16 @@ void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr,
    switch (run) {
    case 1:
      next_run = start_mcached(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
      break;
    case 2:
      hydra_child_exit(0);
      return;
    default:
      if (!verbose)
-        hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose option for more details\n");
+        hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose "
+                             "option for more details\n");
      hydra_child_exit(2);
    }
    run = next_run;
--- a/hydra-mod.c
+++ b/hydra-mod.c
@ -1,13 +1,14 @@
 #include "hydra-mod.h"
 #include <arpa/inet.h>
 #ifdef LIBOPENSSL
-#include <openssl/ssl.h>
-#include <openssl/err.h>
 #include <openssl/bn.h>
+#include <openssl/err.h>
 #include <openssl/rsa.h>
+#include <openssl/ssl.h>
 #endif
 #ifdef HAVE_PCRE
-#include <pcre.h>
+#define PCRE2_CODE_UNIT_WIDTH 8
+#include <pcre2.h>
 #endif

 #define MAX_CONNECT_RETRY 1
@ -33,7 +34,7 @@ int32_t do_retry = 1;
 int32_t module_auth_type = -1;
 int32_t intern_socket, extern_socket;
 char pair[260];
-char HYDRA_EXIT[5] = "\x00\xff\x00\xff\x00";
+char *HYDRA_EXIT = "\x00\xff\x00\xff\x00";
 char *HYDRA_EMPTY = "\x00\x00\x00\x00";
 char *fe80 = "\xfe\x80\x00";
 int32_t fail = 0;
@ -63,17 +64,20 @@ void alarming() {
  fail++;
  alarm_went_off++;

-/* uh, I think it's not good for performance if we try to reconnect to a timeout system!
- *  if (fail > MAX_CONNECT_RETRY) {
+  /* uh, I think it's not good for performance if we try to reconnect to a
+   * timeout system! if (fail > MAX_CONNECT_RETRY) {
   */
-  //fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n", (int32_t) getpid());
+  // fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n",
+  // (int32_t) getpid());
  if (debug)
    printf("DEBUG_CONNECT_TIMEOUT\n");
  hydra_child_exit(1);

  /*
   *   } else {
- *     if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], retrying (%d of %d retries)\n", (int32_t)getpid(), fail, MAX_CONNECT_RETRY);
+   *     if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout],
+   * retrying (%d of %d retries)\n", (int32_t)getpid(), fail,
+   * MAX_CONNECT_RETRY);
   *   }
   */
 }
@ -102,6 +106,8 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
    selected_proxy = random() % proxy_count;
  }

+  memset(&target, 0, sizeof(target));
+  memset(&sin, 0, sizeof(sin));
 #ifdef AF_INET6
  memset(&target6, 0, sizeof(target6));
  memset(&sin6, 0, sizeof(sin6));
@ -165,7 +171,6 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
      }
    }
    if (use_proxy > 0 && proxy_count > 0) {
-      
      if (proxy_string_ip[selected_proxy][0] == 4) {
        memcpy(&target.sin_addr.s_addr, &proxy_string_ip[selected_proxy][1], 4);
        target.sin_family = AF_INET;
@ -221,7 +226,10 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
        fail++;
        if (verbose) {
          if (do_retry && fail <= MAX_CONNECT_RETRY)
-            fprintf(stderr, "Process %d: Can not connect [unreachable], retrying (%d of %d retries)\n", (int32_t) getpid(), fail, MAX_CONNECT_RETRY);
+            fprintf(stderr,
+                    "Process %d: Can not connect [unreachable], retrying (%d "
+                    "of %d retries)\n",
+                    (int32_t)getpid(), fail, MAX_CONNECT_RETRY);
          else
            fprintf(stderr, "Process %d: Can not connect [unreachable]\n", (int32_t)getpid());
        }
@ -232,7 +240,8 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
        printf("DEBUG_CONNECT_UNREACHABLE\n");

      /* we wont quit here, thats up to the module to decide what to do
- *              fprintf(stderr, "Process %d: Can not connect [unreachable], process exiting\n", (int32_t)getpid());
+       *              fprintf(stderr, "Process %d: Can not connect
+       * [unreachable], process exiting\n", (int32_t)getpid());
       *              hydra_child_exit(1);
       */
      extern_socket = -1;
@ -278,19 +287,22 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
          else
            snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\n\r\n", hydra_address2string(host), port);
        else if (host[0] == 16)
-          snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication[selected_proxy]);
+          snprintf(buf, 4096,
+                   "CONNECT [%s]:%d HTTP/1.0\r\nProxy-Authorization: Basic "
+                   "%s\r\n\r\n",
+                   hydra_address2string(host), port, proxy_authentication[selected_proxy]);
        else
          snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication[selected_proxy]);

        send(s, buf, strlen(buf), 0);
        if (debug) {
-          char *ptr = index(buf, '\r');
+          char *ptr = strchr(buf, '\r');
          if (ptr != NULL)
            *ptr = 0;
          printf("DEBUG_CONNECT_PROXY_SENT: %s\n", buf);
        }
        recv(s, buf, 4096, 0);
-        if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = index(buf, ' ')) != NULL && *++tmpptr == '2') {
+        if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = strchr(buf, ' ')) != NULL && *++tmpptr == '2') {
          if (debug)
            printf("DEBUG_CONNECT_PROXY_OK\n");
        } else {
@ -324,7 +336,8 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
              err = 1;
            }
            if ((unsigned char)buf[1] == SOCKS_NOMETHOD) {
-              hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method negotiation failed\n");
+              hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method "
+                                   "negotiation failed\n");
              err = 1;
            }
            /* SOCKS_DOMAIN not supported here, do we need it ? */
@ -437,7 +450,10 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t
              }
            }
          } else {
-            hydra_report(stderr, "[ERROR] Unknown proxy type: %s, valid type are \"connect\", \"socks4\" or \"socks5\"\n", proxy_string_type[selected_proxy]);
+            hydra_report(stderr,
+                         "[ERROR] Unknown proxy type: %s, valid type are "
+                         "\"connect\", \"socks4\" or \"socks5\"\n",
+                         proxy_string_type[selected_proxy]);
            err = 1;
          }
        }
@ -464,24 +480,25 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t

 #if defined(LIBOPENSSL) && !defined(LIBRESSL_VERSION_NUMBER)
 RSA *ssl_temp_rsa_cb(SSL *ssl, int32_t export, int32_t keylength) {
-  int32_t ok = 0;
+  int32_t nok = 0;
 #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
  BIGNUM *n;
-  n = BN_new();
+  if ((n = BN_new()) == NULL)
+    nok = 1;
  RSA_get0_key(rsa, (const struct bignum_st **)&n, NULL, NULL);
-  ok = BN_zero(n);
+  BN_zero(n);
 #else
  if (rsa->n == 0)
-    ok = 1;
+    nok = 1;
 #endif
-  if(ok == 0 && RSA_size(rsa)!=(keylength/8)){ // n is not zero
+  if (nok == 0 && RSA_size(rsa) != (keylength / 8)) { // n is not zero
 #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
    BN_free(n);
 #endif
    RSA_free(rsa);
    rsa = NULL;
  }
-  if (ok != 0) { // n is zero
+  if (nok != 0) { // n is zero
 #if defined(NO_RSA_LEGACY) || OPENSSL_VERSION_NUMBER >= 0x10100000L
    RSA *rsa = RSA_new();
    BIGNUM *f4 = BN_new();
@ -621,9 +638,13 @@ void hydra_child_exit(int32_t code) {
    __fck = write(intern_socket, "C", 1);
  else if (code == 2) /* application protocol error or service shutdown */
    __fck = write(intern_socket, "E", 1);
-  // code 3 means exit without telling mommy about it - a bad idea. mommy should know
-  else if (code == -1 || code > 3) {
-    fprintf(stderr, "[TOTAL FUCKUP] a module should not use hydra_child_exit(-1) ! Fix it in the source please ...\n");
+  else if (code == 3) /* application protocol error or service shutdown */
+    __fck = write(intern_socket, "D", 1);
+  // code 4 means exit without telling mommy about it - a bad idea. mommy should
+  // know
+  else if (code == -1 || code > 4) {
+    fprintf(stderr, "[TOTAL FUCKUP] a module should not use "
+                    "hydra_child_exit(-1) ! Fix it in the source please ...\n");
    __fck = write(intern_socket, "E", 1);
  }
  do {
@ -634,19 +655,17 @@ void hydra_child_exit(int32_t code) {
  exit(0); // might be killed before reaching this
 }

-void hydra_register_socket(int32_t s) {
-  intern_socket = s;
-}
+void hydra_register_socket(int32_t s) { intern_socket = s; }

 char *hydra_get_next_pair() {
  if (pair[0] == 0) {
    pair[sizeof(pair) - 1] = 0;
    __fck = read(intern_socket, pair, sizeof(pair) - 1);
    // if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR");
-    if (memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0)
-      return HYDRA_EXIT;
-    if (pair[0] == 0)
+    if (pair[0] == 0 || __fck <= 0)
      return HYDRA_EMPTY;
+    if (__fck >= sizeof(HYDRA_EXIT) && memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0)
+      return HYDRA_EXIT;
  }
  return pair;
 }
@ -734,19 +753,20 @@ void hydra_report_found(int32_t port, char *svc, FILE * fp) {
  /*
    if (!strcmp(svc, "rsh"))
      if (colored_output)
-      fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login());
-    else
-      fprintf(fp, "[%d][%s] login: %s\n", port, svc, hydra_get_next_login());
-  else if (colored_output)
-    fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m   password: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login(), hydra_get_next_password());
-  else
-    fprintf(fp, "[%d][%s] login: %s   password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password());
+        fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m\n",
+    port, svc, hydra_get_next_login()); else fprintf(fp, "[%d][%s] login: %s\n",
+    port, svc, hydra_get_next_login()); else if (colored_output) fprintf(fp,
+    "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m   password:
+    \e[32m%s\e[0m\n", port, svc, hydra_get_next_login(),
+    hydra_get_next_password()); else fprintf(fp, "[%d][%s] login: %s   password:
+    %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password());

    if (stdout != fp) {
      if (!strcmp(svc, "rsh"))
        printf("[%d][%s] login: %s\n", port, svc, hydra_get_next_login());
      else
-      printf("[%d][%s] login: %s   password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password());
+        printf("[%d][%s] login: %s   password: %s\n", port, svc,
+    hydra_get_next_login(), hydra_get_next_password());
    }

    fflush(fp);
@ -758,11 +778,11 @@ void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE * fp) {
  /*
    strcpy(ipaddr_str, hydra_address2string(ip));
    if (colored_output)
-    fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m   password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password());
-  else
-    fprintf(fp, "[%d][%s] host: %s   password: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
-  if (stdout != fp)
-    printf("[%d][%s] host: %s   password: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
+      fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password:
+    \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else
+      fprintf(fp, "[%d][%s] host: %s   password: %s\n", port, svc, ipaddr_str,
+    hydra_get_next_password()); if (stdout != fp) printf("[%d][%s] host: %s
+    password: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
    fflush(fp);
  */
 }
@ -775,33 +795,34 @@ void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE * fp) {
      keyw = "domain";
    if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid"))
      if (colored_output)
-      fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m   login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login());
-    else
-      fprintf(fp, "[%d][%s] host: %s   login: %s\n", port, svc, ipaddr_str, hydra_get_next_login());
-  else if (!strcmp(svc, "snmp3"))
-    if (colored_output)
-      fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m   login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password());
-    else
-      fprintf(fp, "[%d][%s] host: %s   login: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
-  else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco"))
-    if (colored_output)
-      fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m   password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password());
-    else
-      fprintf(fp, "[%d][%s] host: %s   password: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
-  else if (colored_output)
-    fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m   login: \e[32m%s\e[0m   %s: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw,
+        fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m   login:
+    \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login()); else
+        fprintf(fp, "[%d][%s] host: %s   login: %s\n", port, svc, ipaddr_str,
+    hydra_get_next_login()); else if (!strcmp(svc, "snmp3")) if (colored_output)
+        fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m   login:
+    \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else
+        fprintf(fp, "[%d][%s] host: %s   login: %s\n", port, svc, ipaddr_str,
+    hydra_get_next_password()); else if (!strcmp(svc, "cisco-enable") ||
+    !strcmp(svc, "cisco")) if (colored_output) fprintf(fp,
+    "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m   password:
+    \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else
+        fprintf(fp, "[%d][%s] host: %s   password: %s\n", port, svc, ipaddr_str,
+    hydra_get_next_password()); else if (colored_output) fprintf(fp,
+    "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m   login: \e[32m%s\e[0m
+    %s: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw,
              hydra_get_next_password());
    else
-    fprintf(fp, "[%d][%s] host: %s   login: %s   %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password());
-  if (stdout != fp) {
-    if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid"))
-      printf("[%d][%s] host: %s   login: %s\n", port, svc, ipaddr_str, hydra_get_next_login());
-    else if (!strcmp(svc, "snmp3"))
-      printf("[%d][%s] host: %s   login: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
+      fprintf(fp, "[%d][%s] host: %s   login: %s   %s: %s\n", port, svc,
+    ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); if
+    (stdout != fp) { if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid"))
+        printf("[%d][%s] host: %s   login: %s\n", port, svc, ipaddr_str,
+    hydra_get_next_login()); else if (!strcmp(svc, "snmp3")) printf("[%d][%s]
+    host: %s   login: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
      else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco"))
-      printf("[%d][%s] host: %s   password: %s\n", port, svc, ipaddr_str, hydra_get_next_password());
-    else
-      printf("[%d][%s] host: %s   login: %s   %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password());
+        printf("[%d][%s] host: %s   password: %s\n", port, svc, ipaddr_str,
+    hydra_get_next_password()); else printf("[%d][%s] host: %s   login: %s   %s:
+    %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw,
+    hydra_get_next_password());
    }
    fflush(fp);
    fflush(stdout);
@ -812,12 +833,13 @@ void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE * fp, c
  /*
    strcpy(ipaddr_str, hydra_address2string(ip));
    if (colored_output)
-    fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m   login: \e[32m%s\e[0m   password: \e[32m%s\e[0m  [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(),
-            hydra_get_next_password(), msg);
-  else
-    fprintf(fp, "[%d][%s] host: %s   login: %s   password: %s  [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg);
-  if (stdout != fp)
-    printf("[%d][%s] host: %s   login: %s   password: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password());
+      fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m   login:
+    \e[32m%s\e[0m   password: \e[32m%s\e[0m  [%s]\n", port, svc, ipaddr_str,
+    hydra_get_next_login(), hydra_get_next_password(), msg); else fprintf(fp,
+    "[%d][%s] host: %s   login: %s   password: %s  [%s]\n", port, svc,
+    ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg); if
+    (stdout != fp) printf("[%d][%s] host: %s   login: %s   password: %s\n",
+    port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password());
    fflush(fp);
  */
 }
@ -883,9 +905,7 @@ int32_t hydra_data_ready_writing_timed(int32_t socket, long sec, long usec) {
  return (my_select(socket + 1, &fds, NULL, NULL, sec, usec));
 }

-int32_t hydra_data_ready_writing(int32_t socket) {
-  return (hydra_data_ready_writing_timed(socket, 30, 0));
-}
+int32_t hydra_data_ready_writing(int32_t socket) { return (hydra_data_ready_writing_timed(socket, 30, 0)); }

 int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec) {
  fd_set fds;
@ -895,9 +915,7 @@ int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec) {
  return (my_select(socket + 1, &fds, NULL, NULL, sec, usec));
 }

-int32_t hydra_data_ready(int32_t socket) {
-  return (hydra_data_ready_timed(socket, 0, 100));
-}
+int32_t hydra_data_ready(int32_t socket) { return (hydra_data_ready_timed(socket, 0, 100)); }

 int32_t hydra_recv(int32_t socket, char *buf, uint32_t length) {
  int32_t ret;
@ -907,7 +925,8 @@ int32_t hydra_recv(int32_t socket, char *buf, uint32_t length) {
  if (debug) {
    sprintf(text, "[DEBUG] RECV [pid:%d]", getpid());
    hydra_dump_data(buf, ret, text);
-    //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", buf, getpid(), ret);
+    // hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]",
+    // buf, getpid(), ret);
  }
  return ret;
 }
@ -928,7 +947,8 @@ int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length) {
    if (debug) {
      sprintf(text, "[DEBUG] RECV [pid:%d]", getpid());
      hydra_dump_data(buf, ret, text);
-      //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", buf, getpid(), ret);
+      // hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]",
+      // buf, getpid(), ret);
    }
  }
  return ret;
@ -946,7 +966,9 @@ char *hydra_receive_line(int32_t socket) {
  memset(buff, 0, sizeof(buf));

  if (debug)
-    printf("[DEBUG] hydra_receive_line: waittime: %d, conwait: %d, socket: %d, pid: %d\n", waittime, conwait, socket, getpid());
+    printf("[DEBUG] hydra_receive_line: waittime: %d, conwait: %d, socket: %d, "
+           "pid: %d\n",
+           waittime, conwait, socket, getpid());

  if ((i = hydra_data_ready_timed(socket, (long)waittime, 0)) > 0) {
    do {
@ -981,14 +1003,16 @@ char *hydra_receive_line(int32_t socket) {
      if (debug) {
        sprintf(pid, "[DEBUG] RECV [pid:%d]", getpid());
        hydra_dump_data(buff, got, pid);
-        //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN [pid:%d len:%d]|%s|END", getpid(), got, buff);
+        // hydra_report_debug(stderr, "DEBUG_RECV_BEGIN [pid:%d len:%d]|%s|END",
+        // getpid(), got, buff);
      }
    } else {
      if (got < 0) {
        if (debug) {
          sprintf(pid, "[DEBUG] RECV [pid:%d]", getpid());
          hydra_dump_data((unsigned char *)"", -1, pid);
-          //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END [pid:%d %d]", getpid(), i);
+          // hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END [pid:%d %d]",
+          // getpid(), i);
          perror("recv");
        }
      }
@ -999,7 +1023,9 @@ char *hydra_receive_line(int32_t socket) {
    usleepn(100);
  } else {
    if (debug)
-      printf("[DEBUG] hydra_data_ready_timed: %d, waittime: %d, conwait: %d, socket: %d\n", i, waittime, conwait, socket);
+      printf("[DEBUG] hydra_data_ready_timed: %d, waittime: %d, conwait: %d, "
+             "socket: %d\n",
+             i, waittime, conwait, socket);
  }

  return buff;
@ -1022,12 +1048,13 @@ int32_t hydra_send(int32_t socket, char *buf, uint32_t size, int32_t options) {
            else
              debugbuf[k] = buf[k];
          debugbuf[size] = 0;
-      hydra_report_debug(stderr, "DEBUG_SEND_BEGIN|%s|END [pid:%d]", debugbuf, getpid());
-      free(debugbuf);
+          hydra_report_debug(stderr, "DEBUG_SEND_BEGIN|%s|END [pid:%d]",
+       debugbuf, getpid()); free(debugbuf);
        }*/
  }

-/*    if (hydra_data_ready_writing(socket)) < 1) return -1; XXX maybe needed in the future */
+  /*    if (hydra_data_ready_writing(socket)) < 1) return -1; XXX maybe needed
+   * in the future */
  return (internal__hydra_send(socket, buf, size, options));
 }

@ -1043,15 +1070,16 @@ int32_t make_to_lower(char *buf) {

 char *hydra_strrep(char *string, char *oldpiece, char *newpiece) {
  int32_t str_index, newstr_index, oldpiece_index, end, new_len, old_len, cpy_len;
-  char *c, oldstring[6096], newstring[6096]; //updated due to issue 192 on github.
+  char *c, oldstring[6096],
+      newstring[6096]; // updated due to issue 192 on github.
  static char finalstring[6096];

-  if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1
-      || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece)))
+  if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1 || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece)))
    return NULL;

  if (strlen(string) > 6000) {
-    hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max limit is 6000 characters.\n");
+    hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max "
+                         "limit is 6000 characters.\n");
    exit(-1);
  }

@ -1260,25 +1288,27 @@ char *hydra_address2string_beautiful(char *address) {
  return NULL; // not reached
 }

-void hydra_set_srcport(int32_t port) {
-  src_port = port;
-}
+void hydra_set_srcport(int32_t port) { src_port = port; }

 #ifdef HAVE_PCRE
 int32_t hydra_string_match(char *str, const char *regex) {
-  pcre *re = NULL;
-  int32_t offset_error = 0;
-  const char *error = NULL;
+  pcre2_code *re = NULL;
+  int32_t error_code = 0;
+  PCRE2_SIZE error_offset;
  int32_t rc = 0;

-  re = pcre_compile(regex, PCRE_CASELESS | PCRE_DOTALL, &error, &offset_error, NULL);
+  re = pcre2_compile(regex, PCRE2_ZERO_TERMINATED, PCRE2_CASELESS | PCRE2_DOTALL, &error_code, &error_offset, NULL);
  if (re == NULL) {
-    fprintf(stderr, "[ERROR] PCRE compilation failed at offset %d: %s\n", offset_error, error);
+    fprintf(stderr, "[ERROR] PCRE compilation failed at offset %d: %d\n", error_offset, error_code);
    return 0;
  }

-  rc = pcre_exec(re, NULL, str, strlen(str), 0, 0, NULL, 0);
-  if (rc >= 0) {
+  pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(re, NULL);
+  rc = pcre2_match(re, str, PCRE2_ZERO_TERMINATED, 0, 0, match_data, NULL);
+  pcre2_match_data_free(match_data);
+  pcre2_code_free(re);
+
+  if (rc >= 1) {
    return 1;
  }
  return 0;
@ -1289,9 +1319,9 @@ int32_t hydra_string_match(char *str, const char *regex) {
 * str_replace.c implements a str_replace PHP like function
 * Copyright (C) 2009  chantra <chantra__A__debuntu__D__org>
 *
- * Create a new string with [substr] being replaced ONCE by [replacement] in [string]
- * Returns the new string, or NULL if out of memory.
- * The caller is responsible for freeing this new string.
+ * Create a new string with [substr] being replaced ONCE by [replacement] in
+ * [string] Returns the new string, or NULL if out of memory. The caller is
+ * responsible for freeing this new string.
 *
 */
 char *hydra_string_replace(const char *string, const char *substr, const char *replacement) {
--- a/hydra-mod.h
+++ b/hydra-mod.h
@ -67,7 +67,16 @@ char proxy_string_type[MAX_PROXY_COUNT][10];
 char *proxy_authentication[MAX_PROXY_COUNT];
 char *cmdlinetarget;

+#ifndef __APPLE__
 typedef int32_t BOOL;
+#else /* __APPLE__ */
+/* ensure compatibility with objc libraries */
+#if (TARGET_OS_IPHONE && __LP64__) || TARGET_OS_WATCH
+typedef bool BOOL;
+#else
+typedef signed char BOOL;
+#endif
+#endif /* __APPLE__ */

 #define hydra_report fprintf

--- a/hydra-mongodb.c
+++ b/hydra-mongodb.c
@ -9,13 +9,12 @@
 #include "hydra-mod.h"

 #ifndef LIBMONGODB
-void dummy_mongodb() {
-  printf("\n");
-}
+void dummy_mongodb() { printf("\n"); }
 #else

 extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);

+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 char *buf;

@ -31,16 +30,17 @@ int is_error_msg(char *msg) {
 }

 int require_auth(int32_t sock) {
-  unsigned char m_hdr[] =
-    "\x3f\x00\x00\x00"  //messageLength (63)
+  unsigned char m_hdr[] = "\x3f\x00\x00\x00"                             // messageLength (63)
                          "\x00\x00\x00\x41"                             // requestID
                          "\xff\xff\xff\xff"                             // responseTo
                          "\xd4\x07\x00\x00"                             // opCode (2004 OP_QUERY)
                          "\x00\x00\x00\x00"                             // flags
-    "\x61\x64\x6d\x69\x6e\x2e\x24\x63\x6d\x64\x00" //fullCollectionName (admin.$cmd)
+                          "\x61\x64\x6d\x69\x6e\x2e\x24\x63\x6d\x64\x00" // fullCollectionName
+                                                                         // (admin.$cmd)
                          "\x00\x00\x00\x00"                             // numberToSkip (0)
                          "\x01\x00\x00\x00"                             // numberToReturn (1)
-    "\x18\x00\x00\x00\x10\x6c\x69\x73\x74\x44\x61\x74\x61\x62\x61\x73\x65\x73\x00\x01\x00\x00\x00\x00"; //query ({"listDatabases"=>1})
+                          "\x18\x00\x00\x00\x10\x6c\x69\x73\x74\x44\x61\x74\x61\x62\x61\x73\x65\x73"
+                          "\x00\x01\x00\x00\x00\x00"; // query ({"listDatabases"=>1})

  if (hydra_send(sock, m_hdr, sizeof(m_hdr), 0) > 0) {
    if (hydra_data_ready_timed(sock, 0, 1000) > 0) {
@ -73,10 +73,17 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options,
  mongoc_log_set_handler(NULL, NULL);
  bson_init(&q);

-  snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s/?authSource=%s",login, pass, hydra_address2string(ip), miscptr);
+  if (login[0] == '\0' && pass[0] == '\0') {
+    snprintf(uri, sizeof(uri), "mongodb://%s:%d/?authSource=%s", hydra_address2string(ip), port, miscptr);
+  } else {
+    snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s:%d/?authSource=%s", login, pass, hydra_address2string(ip), port, miscptr);
+  }
+
  client = mongoc_client_new(uri);
-  if (!client)
+  if (!client) {
+    hydra_completed_pair_skip();
    return 3;
+  }

  mongoc_client_set_appname(client, "hydra");
  collection = mongoc_client_get_collection(client, miscptr, "test");
@ -91,11 +98,11 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options,
      mongoc_collection_destroy(collection);
      mongoc_client_destroy(client);
      mongoc_cleanup();
-      hydra_completed_pair_skip();
+      hydra_completed_pair();
      if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
        return 3;
      }
-      return 2;
+      return 1;
    }
  }

@ -130,13 +137,16 @@ void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr,
    switch (run) {
    case 1:
      next_run = start_mongodb(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
      break;
    case 2:
      hydra_child_exit(0);
      return;
    default:
      if (!verbose)
-        hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose option for more details\n");
+        hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose "
+                             "option for more details\n");
      hydra_child_exit(2);
    }
    run = next_run;
@ -180,5 +190,6 @@ int32_t service_mongodb_init(char *ip, int32_t sp, unsigned char options, char *
 #endif

 void usage_mongodb(const char *service) {
-  printf("Module mongodb is optionally taking a database name to attack, default is \"admin\"\n\n");
+  printf("Module mongodb is optionally taking a database name to attack, "
+         "default is \"admin\"\n\n");
 }
--- a/hydra-mssql.c
+++ b/hydra-mssql.c
@ -1,23 +1,30 @@
 #include "hydra-mod.h"
-
-#define MSLEN 30
-
 extern char *HYDRA_EXIT;
 char *buf;

-unsigned char p_hdr[] =
-  "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00";
-unsigned char p_pk2[] =
-  "\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00"
+#if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB)
+#include <sybdb.h>
+#include <sybfront.h>
+#endif
+
+#define MSLEN 30
+
+unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00"
+                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00";
+unsigned char p_pk2[] = "\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00"
                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                        "\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03"
                        "\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00"
                        "\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61"
                        "\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00"
                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-  "\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00";
-unsigned char p_pk3[] =
+                        "\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+                        "\x00";
+unsigned char p_pk3[] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
@ -38,16 +45,22 @@ unsigned char p_pk3[] =
                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                        "\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44"
-  "\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00" "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00";
-unsigned char p_lng[] =
-  "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00"
+                        "\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00"
+                        "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00"
+                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+                        "\x00\x00\x00\x00\x00\x00";
+unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00"
                        "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-  "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" "\x00\x03\x00\x00\x00";
+                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+                        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+                        "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00"
+                        "\x00\x03\x00\x00\x00";

 int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
  char *empty = "";
  char *login, *pass, buffer[1024];
+  char *ipaddr_str = hydra_address2string(ip);
  char ms_login[MSLEN + 1];
  char ms_pass[MSLEN + 1];
  unsigned char len_login, len_pass;
@ -57,6 +70,42 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch
    login = empty;
  if (strlen(pass = hydra_get_next_password()) == 0)
    pass = empty;
+#if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB)
+  if ((strlen(login) > MSLEN) || (strlen(pass) > MSLEN)){
+
+    DBPROCESS *dbproc;
+    LOGINREC *attempt;
+  
+    attempt = dblogin();
+  
+    DBSETLUSER(attempt, login);
+    DBSETLPWD(attempt, pass);
+  
+    // Connect without specifying a database
+    dbproc = dbopen(attempt, ipaddr_str);  
+  
+    if (dbproc != NULL) {
+      dbclose(dbproc);
+      dbexit();
+      hydra_report_found_host(port, ip, "mssql", fp);
+      hydra_completed_pair_found();
+      if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+        return 2;
+      return 1;
+    }
+  
+    hydra_completed_pair();
+    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+      return 2;
+  
+    return 1;
+
+  }
+#else
+  if ((strlen(login) > MSLEN) || (strlen(pass) > MSLEN)){
+    fprintf(stderr,"[WARNING] To crack credentials longer than 30 characters, install freetds and recompile\n");
+  }
+#endif
  if (strlen(login) > MSLEN)
    login[MSLEN - 1] = 0;
  if (strlen(pass) > MSLEN)
@ -111,6 +160,10 @@ void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, F
  int32_t run = 1, next_run = 1, sock = -1;
  int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL;

+  #if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB)
+  dbinit();
+  #endif
+
  hydra_register_socket(sp);
  if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
    return;
--- a/hydra-mysql.c
+++ b/hydra-mysql.c
@ -1,19 +1,16 @@

 /* mysql 3.2x.x to 4.x support - by mcbethh (at) u-n-f (dot) com */

-/* david (dot) maciejak (at) gmail (dot) com for using libmysqlclient-dev, adding support for mysql version 5.x */
+/* david (dot) maciejak (at) gmail (dot) com for using libmysqlclient-dev,
+ * adding support for mysql version 5.x */

 #include "hydra-mod.h"

 #ifndef HAVE_MATH_H
 #include <stdio.h>
-void dummy_mysql() {
-  printf("\n");
-}
+void dummy_mysql() { printf("\n"); }

-void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
-  printf("\n");
-}
+void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { printf("\n"); }
 #else

 #include <math.h>
@ -38,10 +35,12 @@ char *hydra_scramble(char *to, const char *message, const char *password);
 extern int32_t internal__hydra_recv(int32_t socket, char *buf, int32_t length);
 extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);

+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 char mysqlsalt[9];

-/* modified hydra_receive_line, I've striped code which changed every 0x00 to 0x20 */
+/* modified hydra_receive_line, I've striped code which changed every 0x00 to
+ * 0x20 */
 char *hydra_mysql_receive_line(int32_t socket) {
  char buf[300], *buff, *buff2;
  int32_t i = 0, j = 0, buff_size = 300;
@ -108,7 +107,10 @@ char hydra_mysql_init(int32_t sock) {
    return 2;
  }
  if (protocol > 10) {
-    fprintf(stderr, "[INFO] This is protocol version %d, only v10 is supported, not sure if it will work\n", protocol);
+    fprintf(stderr,
+            "[INFO] This is protocol version %d, only v10 is supported, not "
+            "sure if it will work\n",
+            protocol);
  }
  server_version = &buf[5];
  pos = buf + strlen(server_version) + 10;
@ -116,7 +118,8 @@ char hydra_mysql_init(int32_t sock) {

  if (!strstr(server_version, "3.") && !strstr(server_version, "4.") && strstr(server_version, "5.")) {
 #ifndef LIBMYSQLCLIENT
-    hydra_report(stderr, "[ERROR] Not an MySQL protocol or unsupported version,\ncheck configure to see if libmysql is found\n");
+    hydra_report(stderr, "[ERROR] Not an MySQL protocol or unsupported version,\ncheck "
+                         "configure to see if libmysql is found\n");
 #endif
    free(buf);
    return 2;
@ -130,10 +133,7 @@ char hydra_mysql_init(int32_t sock) {
 char *hydra_mysql_prepare_auth(char *login, char *pass) {
  unsigned char *response;
  unsigned long login_len = strlen(login) > 32 ? 32 : strlen(login);
-  unsigned long response_len = 4 /* header */  +
-    2 /* client flags */  +
-    3 /* max packet len */  +
-    login_len + 1 + 8 /* scrambled password len */ ;
+  unsigned long response_len = 4 /* header */ + 2 /* client flags */ + 3 /* max packet len */ + login_len + 1 + 8 /* scrambled password len */;

  response = (unsigned char *)malloc(response_len + 4);
  if (response == NULL) {
@ -180,19 +180,13 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options,
  char *response = NULL, *login = NULL, *pass = NULL;
  unsigned long response_len;
  char res = 0;
-  char database[256];
+  char *database = NULL;

  login = hydra_get_next_login();
  pass = hydra_get_next_password();

  if (miscptr)
-    strncpy(database, miscptr, sizeof(database) - 1);
-  else {
-    strncpy(database, DEFAULT_DB, sizeof(database) - 1);
-    if (verbose)
-      hydra_report(stderr, "[VERBOSE] using default db 'mysql'\n");
-  }
-  database[sizeof(database) - 1] = 0;
+    database = miscptr;

  /* read server greeting */
  res = hydra_mysql_init(sock);
@ -227,7 +221,8 @@ int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options,
      }

      if (my_errno == 1251) {
-        hydra_report(stderr, "[ERROR] Client does not support authentication protocol requested by server\n");
+        hydra_report(stderr, "[ERROR] Client does not support authentication "
+                             "protocol requested by server\n");
      }

      /*
@ -330,13 +325,16 @@ void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, F
        port = myport;
      }
      if (sock < 0) {
-        if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
+        if (quiet != 1)
+          fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
        hydra_child_exit(1);
      }
      next_run = 2;
      break;
    case 2: /* run the cracking function */
      next_run = start_mysql(sock, ip, port, options, miscptr, fp);
+      if ((next_run == 1 || next_run == 2) && hydra_options.conwait)
+        sleep(hydra_options.conwait);
      break;
    case 3: /* clean exit */
      if (sock >= 0) {
@ -355,8 +353,6 @@ void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, F

 #ifndef LIBMYSQLCLIENT

-
-
 #endif

 /************************************************************************/
@ -397,7 +393,8 @@ void hydra_hash_password(unsigned long *result, const char *password) {
    nr2 += (nr2 << 8) ^ nr;
    add += tmp;
  }
-  result[0] = nr & (((unsigned long) 1L << 31) - 1L); /* Don't use sign bit (str2int) */ ;
+  result[0] = nr & (((unsigned long)1L << 31) - 1L); /* Don't use sign bit (str2int) */
+  ;
  result[1] = nr2 & (((unsigned long)1L << 31) - 1L);
  return;
 }
@ -439,5 +436,6 @@ int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *mi
 }

 void usage_mysql(const char *service) {
-  printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n");
+  printf("Module mysql is optionally taking the database to attack, default is "
+         "\"mysql\"\n\n");
 }
--- a/hydra-ncp.c
+++ b/hydra-ncp.c
@ -10,19 +10,16 @@
 *
 */

-
 #include "hydra-mod.h"

 #ifndef LIBNCP
-void dummy_ncp() {
-  printf("\n");
-}
+void dummy_ncp() { printf("\n"); }
 #else

-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
 #include <ncp/nwcalls.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>

 extern char *HYDRA_EXIT;
 extern int32_t child_head_no;
@ -37,7 +34,6 @@ typedef struct __NCP_DATA {
 //#define NCP_DEBUG

 int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
-
  char *login;
  char *pass;
  char context[256];
@ -47,13 +43,11 @@ int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char

  _NCP_DATA *session;

-
  session = malloc(sizeof(_NCP_DATA));
  memset(session, 0, sizeof(_NCP_DATA));
  login = empty;
  pass = empty;

-
  if (strlen(login = hydra_get_next_login()) == 0) {
    login = empty;
  } else {
@ -152,7 +146,8 @@ void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
      sock = hydra_connect_tcp(ip, myport);
      port = myport;
      if (sock < 0) {
-        if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
+        if (quiet != 1)
+          fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
        hydra_child_exit(1);
      }
      next_run = 2;
@ -198,5 +193,6 @@ int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *misc
 }

 void usage_ncp(const char *service) {
-  printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n");
+  printf("Module ncp is optionally taking the full context, for example "
+         "\".O=cx\"\n\n");
 }
--- a/hydra-nntp.c
+++ b/hydra-nntp.c
@ -48,7 +48,7 @@ char *nntp_read_server_capacity(int32_t sock) {
 }

 int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
-  char *empty = "\"\"";
+  char *empty = "\"\"", *result = NULL;
  char *login, *pass, buffer[500], buffer2[500], *fooptr;
  int32_t i = 1;

@ -112,7 +112,9 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha
    free(buf);

    memset(buffer, 0, sizeof(buffer));
-    sasl_plain(buffer, login, pass);
+    result = sasl_plain(buffer, login, pass);
+    if (result == NULL)
+      return 3;

    char tmp_buffer[sizeof(buffer)];
    sprintf(tmp_buffer, "%.250s\r\n", buffer);
@ -147,7 +149,9 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha
    free(buf);

    memset(buffer2, 0, sizeof(buffer2));
-      sasl_cram_md5(buffer2, pass, buffer);
+    result = sasl_cram_md5(buffer2, pass, buffer);
+    if (result == NULL)
+      return 3;

    sprintf(buffer, "%s %.250s", preplogin, buffer2);
    hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer));
@ -156,8 +160,7 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha
    sprintf(tmp_buffer, "%.250s\r\n", buffer);
    strcpy(buffer, tmp_buffer);
    free(preplogin);
-    }
-    break;
+  } break;

  case AUTH_DIGESTMD5: {
    sprintf(buffer, "AUTHINFO SASL DIGEST-MD5\r\n");
@ -179,16 +182,15 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha
    if (debug)
      hydra_report(stderr, "DEBUG S: %s\n", buffer);
    fooptr = buffer2;
-      sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL);
-      if (fooptr == NULL)
+    result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL);
+    if (result == NULL)
      return 3;

    if (debug)
      hydra_report(stderr, "DEBUG C: %s\n", buffer2);
    hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
    sprintf(buffer, "%s\r\n", buffer2);
-    }
-    break;
+  } break;

 #endif

@ -217,8 +219,7 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha
    buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL);
    to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));
    sprintf(buffer, "%s\r\n", (char *)buf1);
-    }
-    break;
+  } break;

  default: {
    sprintf(buffer, "AUTHINFO USER %.250s\r\n", login);
@ -237,10 +238,8 @@ int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, cha
    }
    free(buf);
    sprintf(buffer, "AUTHINFO PASS %.250s\r\n", pass);
+  } break;
  }
-    break;
-  }
-

  if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
    return 1;
@ -426,7 +425,6 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5

        if (strncmp(miscptr, "NTLM", 4) == 0)
          nntp_auth_mechanism = AUTH_NTLM;
-
      }
      if (verbose) {
        switch (nntp_auth_mechanism) {
@ -487,5 +485,6 @@ int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *mis
 }

 void usage_nntp(const char *service) {
-  printf("Module nntp is optionally taking one authentication type of:\n" "  USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n");
+  printf("Module nntp is optionally taking one authentication type of:\n"
+         "  USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n");
 }
--- a/hydra-oracle-listener.c
+++ b/hydra-oracle-listener.c
@ -13,14 +13,13 @@ at http://marcellmajor.com/frame_listenerhash.html
 #include "hydra-mod.h"
 #ifndef LIBOPENSSL
 #include <stdio.h>
-void dummy_oracle_listener() {
-  printf("\n");
-}
+void dummy_oracle_listener() { printf("\n"); }
 #else
 #include "sasl.h"
 #include <openssl/des.h>
 #define HASHSIZE 17

+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 char *buf;
 unsigned char *hash;
@ -180,12 +179,10 @@ int32_t ora_hash_password(char *pass) {
 }

 int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
-  unsigned char tns_packet_begin[22] = {
-    "\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00"
-  };
-  unsigned char tns_packet_end[32] = {
-    "\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"
-  };
+  unsigned char tns_packet_begin[22] = {"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e"
+                                        "\x00\x00\x01\x00"};
+  unsigned char tns_packet_end[32] = {"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+                                      "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"};

  char *empty = "";
  char *pass;
@ -212,7 +209,10 @@ int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char o
    }
    pass = (char *)hash;
  }
-  snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=))(COMMAND=reload)(PASSWORD=%s)(SERVICE=)(VERSION=169869568)))", pass);
+  snprintf(connect_string, sizeof(connect_string),
+           "(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=))(COMMAND=reload)("
+           "PASSWORD=%s)(SERVICE=)(VERSION=169869568)))",
+           pass);

  if (hash != NULL)
    free(hash);
@ -305,6 +305,8 @@ void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *
      }
      /* run the cracking function */
      next_run = start_oracle_listener(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
      break;
    case 3: /* clean exit */
      if (sock >= 0)
@ -339,7 +341,8 @@ int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options
 }

 void usage_oracle_listener(const char *service) {
-  printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n");
+  printf("Module oracle-listener / tns is optionally taking the mode the "
+         "password is stored as, could be PLAIN (default) or CLEAR\n\n");
 }

 #endif
--- a/hydra-oracle-sid.c
+++ b/hydra-oracle-sid.c
@ -11,30 +11,26 @@ find a big list on the Internet
 #include "hydra-mod.h"
 #ifndef LIBOPENSSL
 #include <stdio.h>
-void dummy_oracle_sid() {
-  printf("\n");
-}
+void dummy_oracle_sid() { printf("\n"); }
 #else
 #include <openssl/des.h>
 #define HASHSIZE 16

+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 char *buf;
 unsigned char *hash;

-
 int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
  /*
     PP is the packet length
     XX is the length of connect data
     PP + tns_packet_begin + XX + tns_packet_end
   */
-  unsigned char tns_packet_begin[22] = {
-    "\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00"
-  };
-  unsigned char tns_packet_end[32] = {
-    "\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"
-  };
+  unsigned char tns_packet_begin[22] = {"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e"
+                                        "\x00\x00\x01\x00"};
+  unsigned char tns_packet_end[32] = {"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+                                      "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"};
  char *empty = "";
  char *login;
  char connect_string[200];
@ -47,8 +43,10 @@ int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char option
  if (strlen(login = hydra_get_next_login()) == 0)
    login = empty;

-  snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))", login,
-           hydra_address2string(ip), port);
+  snprintf(connect_string, sizeof(connect_string),
+           "(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)("
+           "USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))",
+           login, hydra_address2string(ip), port);
  siz = 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string);
  if (siz > 255) {
    buffer2[0] = 1;
@ -72,7 +70,8 @@ int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char option

  if ((buf = hydra_receive_line(s)) == NULL)
    return 1;
-  //if no error reported. it should be a resend packet type 00 08 00 00 0b 00 00 00, 4 is refuse
+  // if no error reported. it should be a resend packet type 00 08 00 00 0b 00
+  // 00 00, 4 is refuse
  if ((strstr(buf, "ERR=") == NULL) && (buf[4] != 4)) {
    hydra_report_found_host(port, ip, "oracle-sid", fp);
    hydra_completed_pair_found();
@ -115,6 +114,8 @@ void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscp
      }
      /* run the cracking function */
      next_run = start_oracle_sid(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
      break;
    case 3: /* clean exit */
      if (sock >= 0)
--- a/hydra-oracle.c
+++ b/hydra-oracle.c
@ -4,8 +4,8 @@ david: code is based on SNORT spo_database.c

 tested with :
 -instantclient_10_2 on Oracle 10.2.0
-instantclient-basic-linux.*-11.2.0.3.0.zip + instantclient-sdk-linux.*-11.2.0.3.0.zip
-on Oracle 9i and on Oracle 11g
+-instantclient-basic-linux.*-11.2.0.3.0.zip +
+instantclient-sdk-linux.*-11.2.0.3.0.zip on Oracle 9i and on Oracle 11g

 */

@ -13,15 +13,15 @@ on Oracle 9i and on Oracle 11g

 #ifndef LIBORACLE

-void dummy_oracle() {
-  printf("\n");
-}
+void dummy_oracle() { printf("\n"); }

 #else

 #include <oci.h>
+#include <stdbool.h>
 #include <sys/types.h>

+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;

 OCIEnv *o_environment;
@ -55,14 +55,17 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c

  /*

-     To use the Easy Connect naming method, PHP must be linked with Oracle 10g or greater Client libraries.
-     The Easy Connect string for Oracle 10g is of the form: [//]host_name[:port][/service_name].
-     With Oracle 11g, the syntax is: [//]host_name[:port][/service_name][:server_type][/instance_name].
-     Service names can be found by running the Oracle utility lsnrctl status on the database server machine.
+     To use the Easy Connect naming method, PHP must be linked with Oracle 10g
+     or greater Client libraries. The Easy Connect string for Oracle 10g is of
+     the form: [//]host_name[:port][/service_name]. With Oracle 11g, the syntax
+     is: [//]host_name[:port][/service_name][:server_type][/instance_name].
+     Service names can be found by running the Oracle utility lsnrctl status on
+     the database server machine.

-     The tnsnames.ora file can be in the Oracle Net search path, which includes $ORACLE_HOME/network/admin
-     and /etc. Alternatively set TNS_ADMIN so that $TNS_ADMIN/tnsnames.ora is read. Make sure the web
-     daemon has read access to the file. 
+     The tnsnames.ora file can be in the Oracle Net search path, which includes
+     $ORACLE_HOME/network/admin and /etc. Alternatively set TNS_ADMIN so that
+     $TNS_ADMIN/tnsnames.ora is read. Make sure the web daemon has read access
+     to the file.

   */

@ -83,17 +86,21 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c
    return 4;
  }

+  bool success = true;
  if (OCILogon(o_environment, o_error, &o_servicecontext, (const OraText *)login, strlen(login), (const OraText *)pass, strlen(pass), (const OraText *)buffer, strlen(buffer))) {
+    success = false;
    OCIErrorGet(o_error, 1, NULL, &o_errorcode, o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR);
-    //database: oracle_error: ORA-01017: invalid username/password; logon denied
-    //database: oracle_error: ORA-12514: TNS:listener does not currently know of service requested in connect descriptor
-    //database: oracle_error: ORA-28000: the account is locked
-    //Failed login attempts is set to 10 by default
+    // database: oracle_error: ORA-01017: invalid username/password; logon
+    // denied database: oracle_error: ORA-12514: TNS:listener does not currently
+    // know of service requested in connect descriptor database: oracle_error:
+    // ORA-28000: the account is locked Failed login attempts is set to 10 by
+    // default
    if (verbose) {
      hydra_report(stderr, "[VERBOSE] database: oracle_error: %s\n", o_errormsg);
    }
    if (strstr((const char *)o_errormsg, "ORA-12514") != NULL) {
-      hydra_report(stderr, "[ERROR] ORACLE SID is not valid, you should try to enumerate them.\n");
+      hydra_report(stderr, "[ERROR] ORACLE SID is not valid, you should try to "
+                           "enumerate them.\n");
      hydra_completed_pair();
      return 3;
    }
@ -104,32 +111,26 @@ int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, c
        return 3;
      return 2;
    }
-
-    if (o_error) {
-      OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR);
+    // ORA-28002: the password will expire within 7 days
+    if (strstr((const char *)o_errormsg, "ORA-28002") != NULL) {
+      hydra_report(stderr, "[INFO] ORACLE account %s password will expire soon.\n", login);
+      success = true;
+    }
  }

-    hydra_completed_pair();
-    //by default, set in sqlnet.ora, the trace file is generated in pwd to log any errors happening,
-    //as we don't care, we are deleting the file
-    //set these parameters to not generate the file
-    //LOG_DIRECTORY_CLIENT = /dev/null
-    //LOG_FILE_CLIENT = /dev/null
-
-    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
-      return 3;
-    return 2;
-  } else {
+  if (success) {
    OCILogoff(o_servicecontext, o_error);
-    if (o_error) {
-      OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR);
-    }
    hydra_report_found_host(port, ip, "oracle", fp);
    hydra_completed_pair_found();
+  } else {
+    hydra_completed_pair();
+  }
+  if (o_error) {
+    OCIHandleFree((dvoid *)o_error, OCI_HTYPE_ERROR);
  }
  if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
    return 3;
-  return 1;
+  return success ? 1 : 2;
 }

 void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
@ -165,11 +166,17 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr,
      break;
    case 2:
      next_run = start_oracle(sock, ip, port, options, miscptr, fp);
-      hydra_child_exit(0);
+      if ((next_run == 1 || next_run == 2) && hydra_options.conwait)
+        sleep(hydra_options.conwait);
      break;
    case 3: /* clean exit */
      if (sock >= 0)
        sock = hydra_disconnect(sock);
+
+      // by default, set in sqlnet.ora, the trace file is generated in pwd to log
+      // any errors happening, as we don't care, we are deleting the file set
+      // these parameters to not generate the file LOG_DIRECTORY_CLIENT =
+      // /dev/null LOG_FILE_CLIENT = /dev/null
      unlink("sqlnet.log");
      hydra_child_exit(0);
      return;
@ -198,5 +205,6 @@ int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *m
 }

 void usage_oracle(const char *service) {
-  printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n");
+  printf("Module oracle / ora is optionally taking the ORACLE SID, default is "
+         "\"ORCL\"\n\n");
 }
--- a/hydra-pcanywhere.c
+++ b/hydra-pcanywhere.c
@ -71,7 +71,6 @@ void pca_encrypt(char *cleartxt) {
    passwd[strlen(passwd)] = '\0';
    strcpy(cleartxt, passwd);
  }
-
 }

 void pca_decrypt(char *password) {
@ -119,7 +118,6 @@ int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char option
  server[3] = "Enter login name";
  server[4] = "denying connection";

-
  if (strlen(login = hydra_get_next_login()) == 0)
    login = empty;
  if (strlen(pass = hydra_get_next_password()) == 0)
@ -158,13 +156,15 @@ int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char option
    if (i == 0 || i == 3)
      clean_buffer(buffer, ret);

-    if (debug) show_buffer(buffer, ret);
+    if (debug)
+      show_buffer(buffer, ret);

    if (i == 2) {
      clean_buffer(buffer, ret);
      buffer[sizeof(buffer) - 1] = 0;
      if (strstr(buffer, server[i + 2]) != NULL) {
-        fprintf(stderr, "[ERROR] PC Anywhere host denying connection because you have requested a lower encrypt level\n");
+        fprintf(stderr, "[ERROR] PC Anywhere host denying connection because "
+                        "you have requested a lower encrypt level\n");
        return 3;
      }
    }
@ -233,7 +233,6 @@ void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscp
    return;

  while (1) {
-
    switch (run) {
    case 1: /* connect and service init function */
      if (sock >= 0)
@ -251,7 +250,8 @@ void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscp
        port = mysslport;
      }
      if (sock < 0) {
-        if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
+        if (quiet != 1)
+          fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
        hydra_child_exit(1);
      }

--- a/hydra-pcnfs.c
+++ b/hydra-pcnfs.c
@ -66,7 +66,9 @@ int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, ch
  prh->len_passwd = htonl(63);
  prh->len_comments = htonl(254);

-  strcpy(prh->comments, " Hydra - THC password cracker - visit https://github.com/vanhauser-thc/thc-hydra - use only allowed for legal purposes ");
+  strcpy(prh->comments, " Hydra - THC password cracker - visit "
+                        "https://github.com/vanhauser-thc/thc-hydra - use only "
+                        "allowed for legal purposes ");
  strcpy(prh->name, "localhost");

  ptr = prh->id;
@ -161,7 +163,8 @@ void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, F
        sock = hydra_disconnect(sock);
      //        usleepn(275);
      if ((sock = hydra_connect_udp(ip, port)) < 0) {
-          if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
+        if (quiet != 1)
+          fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
        hydra_child_exit(1);
      }
      next_run = 2;
--- a/hydra-pop3.c
+++ b/hydra-pop3.c
@ -88,7 +88,6 @@ char *pop3_read_server_capacity(int32_t sock) {
      free(buf);
    ptr = buf = hydra_receive_line(sock);
    if (buf != NULL) {
-
      /*
      exchange capa:

@ -99,7 +98,8 @@ STLS
      */
      if (strstr(buf, "\r\n.\r\n") != NULL && buf[0] == '+') {
        resp = 1;
-        /* we got the capability info then get the completed warning info from server */
+        /* we got the capability info then get the completed warning info from
+         * server */
        while (hydra_data_ready(sock)) {
          free(buf);
          buf = hydra_receive_line(sock);
@ -109,7 +109,7 @@ STLS
          buf[strlen(buf) - 1] = 0;
        if (buf[strlen(buf) - 1] == '\r')
          buf[strlen(buf) - 1] = 0;
-        if (*(ptr) == '.' || *(ptr) == '-')
+        if (buf[strlen(buf) - 1] == '.' || *(ptr) == '.' || *(ptr) == '-')
          resp = 1;
      }
    }
@ -118,7 +118,7 @@ STLS
 }

 int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
-  char *empty = "\"\"";
+  char *empty = "\"\"", *result = NULL;
  char *login, *pass, buffer[500], buffer2[500], *fooptr;

  if (strlen(login = hydra_get_next_login()) == 0)
@ -150,8 +150,7 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha
      pbuffer += 2;
    }
    sprintf(buffer, "APOP %s %s\r\n", login, buffer2);
-    }
-    break;
+  } break;
 #endif

  case AUTH_LOGIN: {
@ -186,8 +185,7 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha
    strcpy(buffer2, pass);
    hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
    sprintf(buffer, "%.250s\r\n", buffer2);
-    }
-    break;
+  } break;

  case AUTH_PLAIN: {
    sprintf(buffer, "AUTH PLAIN\r\n");
@ -204,13 +202,14 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha
    free(buf);

    memset(buffer, 0, sizeof(buffer));
-      sasl_plain(buffer, login, pass);
+    result = sasl_plain(buffer, login, pass);
+    if (result == NULL)
+      return 3;

    char tmp_buffer[sizeof(buffer)];
    sprintf(tmp_buffer, "%.250s\r\n", buffer);
    strcpy(buffer, tmp_buffer);
-    }
-    break;
+  } break;

 #ifdef LIBOPENSSL
  case AUTH_CRAMMD5:
@ -266,20 +265,23 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha

    switch (p->pop3_auth_mechanism) {
    case AUTH_CRAMMD5: {
-          sasl_cram_md5(buffer2, pass, buffer);
+      result = sasl_cram_md5(buffer2, pass, buffer);
+      if (result == NULL)
+        return 3;
      sprintf(buffer, "%s %.250s", preplogin, buffer2);
-        }
-        break;
+    } break;
    case AUTH_CRAMSHA1: {
-          sasl_cram_sha1(buffer2, pass, buffer);
+      result = sasl_cram_sha1(buffer2, pass, buffer);
+      if (result == NULL)
+        return 3;
      sprintf(buffer, "%s %.250s", preplogin, buffer2);
-        }
-        break;
+    } break;
    case AUTH_CRAMSHA256: {
-          sasl_cram_sha256(buffer2, pass, buffer);
+      result = sasl_cram_sha256(buffer2, pass, buffer);
+      if (result == NULL)
+        return 3;
      sprintf(buffer, "%s %.250s", preplogin, buffer2);
-        }
-        break;
+    } break;
    }
    hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer));

@ -287,8 +289,7 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha
    sprintf(tmp_buffer, "%.250s\r\n", buffer);
    strcpy(buffer, tmp_buffer);
    free(preplogin);
-    }
-    break;
+  } break;

  case AUTH_DIGESTMD5: {
    sprintf(buffer, "AUTH DIGEST-MD5\r\n");
@ -311,16 +312,15 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha
      hydra_report(stderr, "[DEBUG] S: %s\n", buffer);

    fooptr = buffer2;
-      sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL);
-      if (fooptr == NULL)
+    result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL);
+    if (result == NULL)
      return 3;

    if (debug)
      hydra_report(stderr, "[DEBUG] C: %s\n", buffer2);
    hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
    sprintf(buffer, "%s\r\n", buffer2);
-    }
-    break;
+  } break;
 #endif

  case AUTH_NTLM: {
@ -361,8 +361,7 @@ int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, cha
    to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));

    sprintf(buffer, "%s\r\n", buf1);
-    }
-    break;
+  } break;
  default:
    sprintf(buffer, "USER %.250s\r\n", login);
    if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
@ -433,7 +432,6 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
  if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
    return;

-
  while (1) {
    switch (run) {
    case 1: /* connect and service init function */
@ -470,11 +468,13 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI

 #ifdef LIBOPENSSL
      if (!p->disable_tls) {
-        /* check for STARTTLS, if available we may have access to more basic auth methods */
+        /* check for STARTTLS, if available we may have access to more basic
+         * auth methods */
        hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0);
        buf = hydra_receive_line(sock);
        if (buf[0] != '+') {
-          hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
+          hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer "
+                               "received from STARTTLS request\n");
        } else {
          free(buf);
          if ((hydra_connect_to_ssl(sock, hostname) == -1)) {
@ -512,7 +512,6 @@ void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
  }
 }

-
 int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
  int32_t myport = PORT_POP3, mysslport = PORT_POP3_SSL;
  char *ptr = NULL;
@ -523,6 +522,7 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis

  p.pop3_auth_mechanism = AUTH_CLEAR;
  p.disable_tls = 1;
+  p.next = NULL;
  memcpy(p.ip, ip, 36);

  if ((options & OPTION_SSL) == 0) {
@ -583,13 +583,15 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis

 #ifdef LIBOPENSSL
  if (!p.disable_tls) {
-    /* check for STARTTLS, if available we may have access to more basic auth methods */
+    /* check for STARTTLS, if available we may have access to more basic auth
+     * methods */
    if (strstr(buf, "STLS") != NULL) {
      hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0);
      free(buf);
      buf = hydra_receive_line(sock);
      if (buf[0] != '+') {
-        hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
+        hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer "
+                             "received from STARTTLS request\n");
      } else {
        free(buf);
        if ((hydra_connect_to_ssl(sock, hostname) == -1)) {
@ -615,7 +617,8 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis
        }
      }
    } else
-      hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n");
+      hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not "
+                           "supported by the server\n");
  }
 #endif

@ -624,7 +627,6 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis
  }
  hydra_disconnect(sock);

-
  if (verbose)
    hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf);

@ -647,7 +649,8 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis
     which are supported.
   */

-  /* which mean threre will *always* have a space before the LOGIN auth keyword */
+  /* which mean threre will *always* have a space before the LOGIN auth keyword
+   */
  if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) {
    p.pop3_auth_mechanism = AUTH_NTLM;
  }
@ -687,12 +690,10 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis
 #else
    p.pop3_auth_mechanism = AUTH_CLEAR;
 #endif
-
  }
  free(buf);

  if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
-
    if (strstr(miscptr, "CLEAR"))
      p.pop3_auth_mechanism = AUTH_CLEAR;

@ -721,7 +722,6 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis

    if (strstr(miscptr, "NTLM"))
      p.pop3_auth_mechanism = AUTH_NTLM;
-
  }

  if (verbose) {
@ -764,7 +764,6 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis
    case AUTH_NTLM:
      hydra_report(stderr, "[VERBOSE] using POP3 NTLM AUTH mechanism\n");
      break;
-
    }
  }

@ -779,5 +778,8 @@ int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *mis
 void usage_pop3(const char *service) {
  printf("Module pop3 is optionally taking one authentication type of:\n"
         "  CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n"
-         "  CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n");
+         "  CRAM-SHA256, DIGEST-MD5, NTLM.\n"
+         "Additionally TLS encryption via STLS can be enforced with the TLS "
+         "option.\n\n"
+         "Example: pop3://target/TLS:PLAIN\n");
 }
--- a/hydra-postgres.c
+++ b/hydra-postgres.c
@ -8,9 +8,7 @@
 #include "hydra-mod.h"

 #ifndef LIBPOSTGRES
-void dummy_postgres() {
-  printf("\n");
-}
+void dummy_postgres() { printf("\n"); }
 #else

 #include "libpq-fe.h" // Postgres connection functions
@ -18,6 +16,7 @@ void dummy_postgres() {

 #define DEFAULT_DB "template1"

+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;

 int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
@ -42,8 +41,7 @@ int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options,
   *      Building the connection string
   */

-
-  snprintf(connection_string, sizeof(connection_string), "host = '%s' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), database, login, pass);
+  snprintf(connection_string, sizeof(connection_string), "host = '%s' port = '%d' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), port, database, login, pass);

  if (verbose)
    hydra_report(stderr, "connection string: %s\n", connection_string);
@ -74,7 +72,6 @@ void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr
    return;

  while (1) {
-
    switch (run) {
    case 1: /* connect and service init function */
      if (sock >= 0)
@ -92,7 +89,8 @@ void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr
        port = mysslport;
      }
      if (sock < 0) {
-        if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
+        if (quiet != 1)
+          fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
        hydra_child_exit(1);
      }
      next_run = 2;
@ -102,6 +100,8 @@ void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr
       *      Here we start the password cracking process
       */
      next_run = start_postgres(sock, ip, port, options, miscptr, fp);
+      if ((next_run == 2 || next_run == 1) && hydra_options.conwait)
+        sleep(hydra_options.conwait);
      break;
    case 3:
      if (sock >= 0)
@ -133,5 +133,6 @@ int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char
 }

 void usage_postgres(const char *service) {
-  printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n");
+  printf("Module postgres is optionally taking the database to attack, default "
+         "is \"template1\"\n\n");
 }
--- a/hydra-radmin2.c
+++ b/hydra-radmin2.c
@ -19,10 +19,10 @@ struct rmessage {

 /*
 * Usage: sum = checksum(message);
- * Function: Returns a 4 byte little endian sum of the messages typecode+data. This data is zero padded for alignment.
- * Example message (big endian):
- * [01][00000021][0f43d461] sum([1b6e779a f37189bb c1b22982 c80d1f4d 66678ff9 4b10f0ce eabff6e8 f4fb8338 3b] + zeropad(3)])
- * Sum: is 0f43d461 (big endian)
+ * Function: Returns a 4 byte little endian sum of the messages typecode+data.
+ * This data is zero padded for alignment. Example message (big endian):
+ * [01][00000021][0f43d461] sum([1b6e779a f37189bb c1b22982 c80d1f4d 66678ff9
+ * 4b10f0ce eabff6e8 f4fb8338 3b] + zeropad(3)]) Sum: is 0f43d461 (big endian)
 */
 uint32_t checksum(struct rmessage *msg) {
  int32_t blen;
@ -50,7 +50,8 @@ uint32_t checksum(struct rmessage *msg) {

 /*
 * Usage: challenge_request(message);
- * Function: Modifies message to reflect a request for a challenge. Updates the checksum as appropriate.
+ * Function: Modifies message to reflect a request for a challenge. Updates the
+ * checksum as appropriate.
 */
 void challenge_request(struct rmessage *msg) {
  msg->magic = 0x01;
@ -61,7 +62,8 @@ void challenge_request(struct rmessage *msg) {

 /*
 * Usage: challenge_request(message);
- * Function: Modifies message to reflect a response to a challenge. Updates the checksum as appropriate.
+ * Function: Modifies message to reflect a response to a challenge. Updates the
+ * checksum as appropriate.
 */
 void challenge_response(struct rmessage *msg, unsigned char *solution) {
  msg->magic = 0x01;
@ -72,8 +74,9 @@ void challenge_response(struct rmessage *msg, unsigned char *solution) {
 }

 /*
- * Usage: buffer = message2buffer(message); send(buffer, message->length + 10); free(buffer)
- * Function: Allocates a buffer for transmission and fills the buffer with message data such that it is ready to transmit.
+ * Usage: buffer = message2buffer(message); send(buffer, message->length + 10);
+ * free(buffer) Function: Allocates a buffer for transmission and fills the
+ * buffer with message data such that it is ready to transmit.
 */
 // TODO: conver to a sendMessage() function?
 char *message2buffer(struct rmessage *msg) {
@ -163,10 +166,7 @@ struct rmessage *buffer2message(char *buffer) {
  return msg;
 }

-
-int32_t start_radmin2(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
-  return 0;
-}
+int32_t start_radmin2(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { return 0; }

 void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
 #ifdef HAVE_GCRYPT
@ -200,7 +200,6 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr,
  }

  while (1) {
-
    /* Typical conversation goes as follows...
     0) connect to server
     1) request challenge
@ -225,7 +224,8 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr,

    // 2) receive response (working)
    index = 0;
-    while(index < 42) { //We're always expecting back a 42 byte buffer from a challenge request.
+    while (index < 42) { // We're always expecting back a 42 byte buffer from a
+                         // challenge request.
      switch (hydra_data_ready(sock)) {
      case -1:
        hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno));
@ -237,7 +237,10 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr,
      default:
        bytecount = hydra_recv(sock, buffer + index, 42 - index);
        if (bytecount < 0) {
-            hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno));
+          hydra_report(stderr,
+                       "Error: Child with pid %d terminating, receive "
+                       "error\nerror:\t%s\n",
+                       (int32_t)getpid(), strerror(errno));
          hydra_child_exit(1);
        }
        index += bytecount;
@ -252,10 +255,14 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr,
    hydra_get_next_pair();
    strncpy(password, hydra_get_next_password(), sizeof(password) - 1);

-    //MD5 the password to generate the password key, this is used with twofish below.
+    // MD5 the password to generate the password key, this is used with twofish
+    // below.
    err = gcry_md_open(&md, GCRY_MD_MD5, 0);
    if (err) {
-      hydra_report(stderr, "Error: Child with pid %d terminating, gcry_md_open error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
+      hydra_report(stderr,
+                   "Error: Child with pid %d terminating, gcry_md_open error "
+                   "(%08x)\n%s/%s",
+                   (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
      hydra_child_exit(1);
    }
    gcry_md_reset(md);
@ -273,25 +280,37 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr,
    // 3.b) encrypt data received using pkey & known IV
    err = gcry_cipher_open(&cipher, GCRY_CIPHER_TWOFISH128, GCRY_CIPHER_MODE_CBC, 0);
    if (err) {
-      hydra_report(stderr, "Error: Child with pid %d terminating, gcry_cipher_open error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
+      hydra_report(stderr,
+                   "Error: Child with pid %d terminating, gcry_cipher_open "
+                   "error (%08x)\n%s/%s",
+                   (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
      hydra_child_exit(1);
    }

    err = gcry_cipher_setiv(cipher, IV, 16);
    if (err) {
-      hydra_report(stderr, "Error: Child with pid %d terminating, gcry_cipher_setiv error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
+      hydra_report(stderr,
+                   "Error: Child with pid %d terminating, gcry_cipher_setiv "
+                   "error (%08x)\n%s/%s",
+                   (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
      hydra_child_exit(1);
    }

    err = gcry_cipher_setkey(cipher, rawkey, 16);
    if (err) {
-      hydra_report(stderr, "Error: Child with pid %d terminating, gcry_cipher_setkey error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
+      hydra_report(stderr,
+                   "Error: Child with pid %d terminating, gcry_cipher_setkey "
+                   "error (%08x)\n%s/%s",
+                   (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
      hydra_child_exit(1);
    }

    err = gcry_cipher_encrypt(cipher, encrypted, 32, msg->data, 32);
    if (err) {
-      hydra_report(stderr, "Error: Child with pid %d terminating, gcry_cipher_encrypt error (%08x)\n%s/%s", (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
+      hydra_report(stderr,
+                   "Error: Child with pid %d terminating, gcry_cipher_encrypt "
+                   "error (%08x)\n%s/%s",
+                   (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err));
      hydra_child_exit(1);
    }

@ -312,7 +331,8 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr,

    // 4) receive auth success/failure
    index = 0;
-    while(index < 10) { //We're always expecting back a 42 byte buffer from a challenge request.
+    while (index < 10) { // We're always expecting back a 42 byte buffer from a
+                         // challenge request.
      switch (hydra_data_ready(sock)) {
      case -1:
        hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno));
@ -324,7 +344,10 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr,
      default:
        bytecount = hydra_recv(sock, buffer + index, 10 - index);
        if (bytecount < 0) {
-            hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno));
+          hydra_report(stderr,
+                       "Error: Child with pid %d terminating, receive "
+                       "error\nerror:\t%s\n",
+                       (int32_t)getpid(), strerror(errno));
          hydra_child_exit(1);
        }
        index += bytecount;
@ -343,6 +366,7 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr,
      hydra_report(stderr, "Error: Child with pid %d terminating, protocol error\n", (int32_t)getpid());
      hydra_child_exit(2);
    }
+    free(msg);
  }
 #endif
 }
--- a/hydra-rdp.c
+++ b/hydra-rdp.c
@ -1,5 +1,5 @@
 /*
-   This module is using freerdp2 lib
+   This module is using freerdp3 lib

   Tested on:
  - Windows 7 pro SP1
@ -9,25 +9,37 @@

 #include "hydra-mod.h"

+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
-#ifndef LIBFREERDP2
-void dummy_rdp() {
-  printf("\n");
-}
+#ifndef LIBFREERDP
+void dummy_rdp() { printf("\n"); }
 #else

 #include <freerdp/freerdp.h>
+#include <freerdp/version.h>
 freerdp *instance = 0;
 BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *password) {
  int32_t err = 0;

-  instance->settings->Username = login;
-  instance->settings->Password = password;
-  instance->settings->IgnoreCertificate = TRUE;
-  instance->settings->AuthenticationOnly = TRUE;
-  instance->settings->ServerHostname = server;
-  instance->settings->ServerPort = port;
-  instance->settings->Domain = domain;
+  rdpSettings* settings = instance->context->settings;
+
+  settings->Username = login;
+  settings->Password = password;
+  settings->IgnoreCertificate = TRUE;
+  if (password[0] == 0)
+    settings->AuthenticationOnly = FALSE;
+  else
+    settings->AuthenticationOnly = TRUE;
+  settings->ServerHostname = server;
+  settings->ServerPort = port;
+  settings->Domain = domain;
+
+#if FREERDP_VERSION_MAJOR == 2
+  settings->MaxTimeInCheckLoop = 100;
+#endif
+  // freerdp timeout format is microseconds -> default:15000
+  settings->TcpConnectTimeout = hydra_options.waittime * 1000;
+  settings->TlsSecLevel = 0;
  freerdp_connect(instance);
  err = freerdp_get_last_error(instance->context);
  return err;
@ -48,7 +60,7 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr,
  if (strlen(pass = hydra_get_next_password()) == 0)
    pass = empty;

-  strcpy(server, hydra_address2string(ip));
+  strncpy(server, hydra_address2string(ip), sizeof(server) - 1);

  if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
    strncpy(domain, miscptr, sizeof(domain) - 1);
@ -56,6 +68,8 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr,
  }

  login_result = rdp_connect(server, port, domain, login, pass);
+  if (debug)
+    hydra_report(stderr, "[DEBUG] rdp reported %08x\n", login_result);
  switch (login_result) {
  case 0:
    // login success
@ -68,11 +82,23 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr,
    // login failure
    hydra_completed_pair();
    break;
+  case 0x0002000f:
+    // login failure
+    hydra_completed_pair_skip();
+    break;
+  case 0x0002000d:
+    hydra_report(stderr,
+                 "[%d][rdp] account on %s might be valid but account not "
+                 "active for remote desktop: login: %s password: %s, "
+                 "continuing attacking the account.\n",
+                 port, hydra_address2string_beautiful(ip), login, pass);
+    hydra_completed_pair();
+    break;
  case 0x00020006:
  case 0x00020008:
  case 0x0002000c:
-    case 0x0002000d:
-      // cannot establish rdp connection, either the port is not opened or it's not rdp
+    // cannot establish rdp connection, either the port is not opened or it's
+    // not rdp
    return 3;
  default:
    if (verbose) {
@ -88,6 +114,7 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr,
 void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
  int32_t run = 1, next_run = 1;
  int32_t myport = PORT_RDP;
+  int32_t __first_rdp_connect = 1;

  if (port != 0)
    myport = port;
@ -99,7 +126,13 @@ void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
    next_run = 0;
    switch (run) {
    case 1: /* run the cracking function */
+      if (__first_rdp_connect != 0)
+        __first_rdp_connect = 0;
+      else
+        sleep(hydra_options.conwait);
      next_run = start_rdp(ip, myport, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
      break;
    case 2: /* clean exit */
      freerdp_disconnect(instance);
@ -143,6 +176,8 @@ int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *misc
 }

 void usage_rdp(const char *service) {
-  printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n");
+  printf("Module rdp is optionally taking the windows domain name.\n"
+         "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p "
+         "doe\n\n");
 }
 #endif
--- a/hydra-redis.c
+++ b/hydra-redis.c
@ -24,6 +24,11 @@ int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, ch
    return 1;
  }
  buf = hydra_receive_line(s);
+  if (buf == NULL) {
+    hydra_report(stderr, "[ERROR] Failed to receive response from Redis server.\n");
+    return 3;
+  }
+
  if (buf[0] == '+') {
    hydra_report_found_host(port, ip, "redis", fp);
    hydra_completed_pair_found();
@ -95,6 +100,7 @@ void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscp
      if (sock >= 0)
        sock = hydra_disconnect(sock);
      hydra_child_exit(0);
+      break;
    default:
      hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
      hydra_child_exit(2);
@ -103,16 +109,14 @@ void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscp
  }
 }

-void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
-  service_redis_core(ip, sp, options, miscptr, fp, port, hostname, 0);
-}
+void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_redis_core(ip, sp, options, miscptr, fp, port, hostname, 0); }

 /*
 * Initial password authentication test and response test for the redis server,
 * added by Petar Kaleychev <petar.kaleychev@gmail.com>
-* The service_redis_init function is generating ping request as redis-cli (command line interface). 
-* You can use redis-cli to connect with Redis. After start of the redis-server in another terminal the following:
-*    % ./redis-cli
+ * The service_redis_init function is generating ping request as redis-cli
+ * (command line interface). You can use redis-cli to connect with Redis. After
+ * start of the redis-server in another terminal the following: % ./redis-cli
 *    redis> ping
 *    when the server does not require password, leads to:
 *    PONG
@ -120,7 +124,8 @@ void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, F
 *    (error) NOAUTH Authentication required.
 *    or
 *    (error) ERR operation not permitted      (for older redis versions)
-* That is used for initial password authentication and redis server response tests in service_redis_init
+ * That is used for initial password authentication and redis server response
+ * tests in service_redis_init
 */
 int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
  // called before the childrens are forked off, so this is the function
@ -128,7 +133,8 @@ int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *mi
  // performed once only.
  // return codes:
  // 0 - when the server is redis and it requires password
-  // 1 - when the server is not redis or when the server does not require password
+  // n - when the server is not redis or when the server does not require
+  // password

  int32_t sock = -1;
  int32_t myport = PORT_REDIS, mysslport = PORT_REDIS_SSL;
@ -147,10 +153,11 @@ int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *mi
    port = mysslport;
  }
  if (verbose)
-    printf("[VERBOSE] Initial redis password authentication test and response test ...\n");
+    printf("[VERBOSE] Initial redis password authentication test and response "
+           "test ...\n");
  if (sock < 0) {
    hydra_report(stderr, "[ERROR] Can not connect to port %d on the target\n", myport);
-    hydra_child_exit(1);
+    return 3;
  }
  // generating ping request as redis-cli
  if (debug)
@ -160,22 +167,22 @@ int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *mi
  //    $4
  //    ping
  if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) {
-    return 1;
+    return 2;
  }
  buf = hydra_receive_line(sock);
  if (debug)
    printf("[DEBUG] buf = %s\n", buf);
  // authentication test
  if (strstr(buf, "+PONG") != NULL) { // the server does not require password
-    hydra_report(stderr, "[!] The server does not require password.\n");
+    hydra_report(stderr, "[!] The server %s does not require password.\n", hostname);
    free(buf);
-    return 1;
+    return 2;
  }
  // server response test
  if (strstr(buf, "-NOAUTH Authentication required") == NULL && strstr(buf, "-ERR operation not permitted") == NULL) {
    hydra_report(stderr, "[ERROR] The server is not redis, exit.\n");
    free(buf);
-    return 1;
+    return 2;
  }
  if (verbose)
    printf("[VERBOSE] The redis server requires password.\n");
--- a/hydra-rexec.c
+++ b/hydra-rexec.c
@ -5,7 +5,6 @@
 #define COMMAND "/bin/ls /"

 extern char *HYDRA_EXIT;
-char *buf;

 int32_t start_rexec(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
  char *empty = "";
@ -89,7 +88,6 @@ void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, F
    default:
      hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
      hydra_child_exit(0);
-
    }
    run = next_run;
  }
--- a/hydra-rlogin.c
+++ b/hydra-rlogin.c
@ -8,11 +8,9 @@ client have to use port from 512 -> 1023 or server is denying the connection
 no memleaks found on 110425
 */

-
 #define TERM "vt100/9600"

 extern char *HYDRA_EXIT;
-char *buf;

 int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
  char *empty = "";
@ -79,7 +77,8 @@ int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, c
      hydra_completed_pair();
    }
  } else {
-    /* if password is asked a second time, it means the pass we provided is wrong */
+    /* if password is asked a second time, it means the pass we provided is
+     * wrong */
    hydra_completed_pair();
  }

--- a/hydra-rpcap.c
+++ b/hydra-rpcap.c
@ -21,7 +21,8 @@ int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, ch
  char bfr4[] = " ";
  bfr4[0] = strlen(login) + strlen(pass) + 8;
  char bfr5[] = "\x00";
-  char bfr6[] = "\x01";   // x01 - when a password is required, x00 - when no need of password
+  char bfr6[] = "\x01"; // x01 - when a password is required, x00 - when no need
+                        // of password
  char bfr7[] = "\x00\x00\x00";
  char bfr8[] = " ";
  bfr8[0] = strlen(login);
@ -59,9 +60,8 @@ int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, ch
  }
  /*
    if (strstr(buf, "Logon failure") == NULL) {
-    hydra_report(stderr, "[ERROR] rpcap error or service shutdown: %s\n", buf);
-    free(buf);
-    return 4;
+      hydra_report(stderr, "[ERROR] rpcap error or service shutdown: %s\n",
+    buf); free(buf); return 4;
    }
  */
  free(buf);
@ -111,6 +111,7 @@ void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, F
      if (sock >= 0)
        sock = hydra_disconnect(sock);
      hydra_child_exit(0);
+      break;
    default:
      hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
      hydra_child_exit(2);
--- a/hydra-rsh.c
+++ b/hydra-rsh.c
@ -11,7 +11,6 @@ no memleaks found on 110425
 */

 extern char *HYDRA_EXIT;
-char *buf;

 int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
  char *empty = "";
--- a/hydra-rtsp.c
+++ b/hydra-rtsp.c
@ -6,19 +6,21 @@
 //
 //

-#include <stdio.h>
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+
 #include "hydra-mod.h"
-#include <string.h>
 #include "sasl.h"
+#include <stdio.h>
+#include <string.h>

 extern char *HYDRA_EXIT;
-char *buf;
 char packet[500];
 char packet2[500];

 int32_t is_Unauthorized(char *s) {
-
-  if (strstr(s, "401 Unauthorized") != NULL) {
+  if (strcasestr(s, "401 Unauthorized") != NULL) {
    return 1;
  } else {
    return 0;
@ -26,8 +28,7 @@ int32_t is_Unauthorized(char *s) {
 }

 int32_t is_NotFound(char *s) {
-
-  if (strstr(s, "404 Stream Not Found") != NULL) {
+  if (strcasestr(s, "404 Stream") != NULL || strcasestr(s, "404 Not") != NULL) {
    return 1;
  } else {
    return 0;
@ -35,8 +36,7 @@ int32_t is_NotFound(char *s) {
 }

 int32_t is_Authorized(char *s) {
-
-  if (strstr(s, "200 OK") != NULL) {
+  if (strcasestr(s, "200 OK") != NULL) {
    return 1;
  } else {
    return 0;
@ -44,8 +44,7 @@ int32_t is_Authorized(char *s) {
 }

 int32_t use_Basic_Auth(char *s) {
-
-  if (strstr(s, "WWW-Authenticate: Basic") != NULL) {
+  if (strcasestr(s, "WWW-Authenticate: Basic") != NULL) {
    return 1;
  } else {
    return 0;
@ -53,16 +52,13 @@ int32_t use_Basic_Auth(char *s) {
 }

 int32_t use_Digest_Auth(char *s) {
-
-  if (strstr(s, "WWW-Authenticate: Digest") != NULL) {
+  if (strcasestr(s, "WWW-Authenticate: Digest") != NULL) {
    return 1;
  } else {
    return 0;
  }
 }

-
-
 void create_core_packet(int32_t control, char *ip, int32_t port) {
  char *target = hydra_address2string(ip);

@ -79,9 +75,11 @@ void create_core_packet(int32_t control, char *ip, int32_t port) {
 int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
  char *empty = "";
  char *login, *pass, buffer[1030], buffer2[500];
-
  char *lresp;

+  memset(buffer, 0, sizeof(buffer));
+  memset(buffer2, 0, sizeof(buffer2));
+
  if (strlen(login = hydra_get_next_login()) == 0)
    login = empty;
  if (strlen(pass = hydra_get_next_password()) == 0)
@ -95,57 +93,57 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha
  lresp = hydra_receive_line(s);

  if (lresp == NULL) {
-    fprintf(stderr, "[ERROR] no server reply\n");
+    hydra_report(stderr, "[ERROR] no server reply\n");
    return 1;
  }

  if (is_NotFound(lresp)) {
-    printf("[INFO] Server does not need credentials\n");
+    free(lresp);
+    hydra_report(stderr, "[INFO] Server does not need credentials\n");
    hydra_completed_pair_found();
    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
      return 3;
    }
    return 1;
  } else {
-
    create_core_packet(1, ip, port);

-    if (use_Basic_Auth(lresp) == 1) {
-
-      sprintf(buffer2, "%.249s:%.249s", login, pass);
-      hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
-
-      sprintf(buffer, "%.500sAuthorization: : Basic %.500s\r\n\r\n", packet2, buffer2);
-
-      if (debug) {
-        hydra_report(stderr, "C:%s\n", buffer);
-      }
-    }
-
    if (use_Digest_Auth(lresp) == 1) {
-      char *dbuf = NULL;
-      char aux[500] = "";
-
+      char aux[500] = "", dbuf[500] = "", *result = NULL;
      char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest ");

      strncpy(aux, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(aux));
      aux[sizeof(aux) - 1] = '\0';
+      free(lresp);
 #ifdef LIBOPENSSL
-      sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, "");
+      result = sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, "");
 #else
-      printf("[ERROR] Digest auth required but compiled without OpenSSL/MD5 support\n");
+      hydra_report(stderr, "[ERROR] Digest auth required but compiled "
+                           "without OpenSSL/MD5 support\n");
      return 3;
 #endif
-
-      if (dbuf == NULL) {
-        fprintf(stderr, "[ERROR] digest generation failed\n");
+      if (result == NULL) {
+        hydra_report(stderr, "[ERROR] digest generation failed\n");
        return 3;
      }
      sprintf(buffer, "%.500sAuthorization: Digest %.500s\r\n\r\n", packet2, dbuf);
-
-      if (debug) {
+      if (debug)
        hydra_report(stderr, "C:%s\n", buffer);
+    } else if (use_Basic_Auth(lresp) == 1) {
+      free(lresp);
+      sprintf(buffer2, "%.249s:%.249s", login, pass);
+      hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
+      sprintf(buffer, "%.500sAuthorization: : Basic %.500s\r\n\r\n", packet2, buffer2);
+      if (debug)
+        hydra_report(stderr, "C:%s\n", buffer);
+    } else {
+      hydra_report(stderr, "[ERROR] unknown authentication protocol\n");
+      return 1;
    }
+
+    if (strlen(buffer) == 0) {
+      hydra_report(stderr, "[ERROR] could not identify HTTP authentication used\n");
+      return 1;
    }

    if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
@ -153,20 +151,23 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha
    }

    lresp = NULL;
-
    lresp = hydra_receive_line(s);

-    if ((is_NotFound(lresp))) {
+    if (lresp == NULL) {
+      hydra_report(stderr, "[ERROR] no server reply\n");
+      return 1;
+    }

+    if (is_NotFound(lresp) || is_Authorized(lresp)) {
+      free(lresp);
      hydra_completed_pair_found();

      if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
        return 3;
      }
      return 1;
-
-
    }
+    free(lresp);
    hydra_completed_pair();
  }

@ -187,7 +188,6 @@ void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
    return;

  while (1) {
-
    switch (run) {
    case 1: /* connect and service init function */
      if (sock >= 0) {
--- a/hydra-s7-300.c
+++ b/hydra-s7-300.c
@ -1,4 +1,5 @@
-// submitted by Alexander Timorin <ATimorin@ptsecurity.com> and Sergey Gordeychik 
+// submitted by Alexander Timorin <ATimorin@ptsecurity.com> and Sergey
+// Gordeychik

 #include "hydra-mod.h"

@ -6,14 +7,22 @@

 extern char *HYDRA_EXIT;

-unsigned char p_cotp[] = "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17" "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0" "\x01\x0a";
+unsigned char p_cotp[] = "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17"
+                         "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0"
+                         "\x01\x0a";

-unsigned char p_s7_negotiate_pdu[] = "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00" "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00" "\x01\x00\x01\x01\xe0";
+unsigned char p_s7_negotiate_pdu[] = "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00"
+                                     "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00"
+                                     "\x01\x00\x01\x01\xe0";

-unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12" "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01" "\x32\x00\x04";
-
-unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" "\x04\x11\x45\x01\x00\xff\x09\x00\x08";
+unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00"
+                                "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12"
+                                "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01"
+                                "\x32\x00\x04";

+unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00"
+                                        "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12"
+                                        "\x04\x11\x45\x01\x00\xff\x09\x00\x08";

 int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
  char *empty = "";
@ -276,7 +285,8 @@ int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *m
  // 0xd602 - wrong password
  if (ret > 30) {
    if ((buffer[27] == '\x00' && buffer[28] == '\x00') || (buffer[27] == '\xd6' && buffer[28] == '\x05')) {
-      hydra_report(stderr, "[INFO] No password protection enabled, no password tests are necessary!\n");
+      hydra_report(stderr, "[INFO] No password protection enabled, no password "
+                           "tests are necessary!\n");
      return 1;
    }
  }
@ -287,5 +297,6 @@ int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *m
 }

 void usage_s7_300(const char *service) {
-  printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n");
+  printf("Module S7-300 is for a special Siemens PLC. It either requires only a "
+         "password or no authentication, so just use the -p or -P option.\n\n");
 }
--- a/hydra-sapr3.c
+++ b/hydra-sapr3.c
@ -1,13 +1,11 @@
 #include "hydra-mod.h"
 // checked for memleaks on 110425, none found
 #ifndef LIBSAPR3
-void dummy_sapr3() {
-  printf("\n");
-}
+void dummy_sapr3() { printf("\n"); }
 #else

-#include <saprfc.h>
 #include <ctype.h>
+#include <saprfc.h>

 /* temporary workaround fix */
 const int32_t *__ctype_tolower;
@ -16,6 +14,7 @@ const int32_t *__ctype_b;

 extern void flood(); /* for -lm */

+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 RFC_ERROR_INFO_EX error_info;

@ -28,7 +27,8 @@ int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, ch
  int32_t sysnr = port % 100;
  char opts[] = "RFCINI=N RFCTRACE=N BALANCE=N DEBUG=N TRACE=0 ABAP_DEBUG=0";

-//  char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y ABAP_DEBUG=Y";
+  //  char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y
+  //  ABAP_DEBUG=Y";

  if (strlen(login = hydra_get_next_login()) == 0)
    login = empty;
@ -66,7 +66,8 @@ int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, ch
  // printf ("DEBUG: %d Connectstring \"%s\"\n",sizeof(error_info),buffer);
  handle = RfcOpenEx(buffer, &error_info);

-//printf("DEBUG: handle %d, key %s, message %s\n", handle, error_info.key, error_info.message);
+  // printf("DEBUG: handle %d, key %s, message %s\n", handle, error_info.key,
+  // error_info.message);

  if (handle <= RFC_HANDLE_NULL)
    return 3;
@ -99,6 +100,8 @@ void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, F
    switch (run) {
    case 1: /* connect and service init function */
      next_run = start_sapr3(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
      break;
    case 2:
      hydra_child_exit(0);
@ -131,6 +134,4 @@ int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *mi
  return 0;
 }

-void usage_sapr3(const char* service) {
-  printf("Module sapr3 requires the client id, a number between 0 and 99\n\n");
-}
+void usage_sapr3(const char *service) { printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); }
--- a/hydra-sip.c
+++ b/hydra-sip.c
@ -10,13 +10,11 @@

 #ifndef LIBOPENSSL
 #include <stdio.h>
-void dummy_sip() {
-  printf("\n");
-}
+void dummy_sip() { printf("\n"); }
 #else

-#include <stdint.h>
 #include "sasl.h"
+#include <stdint.h>

 extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);

@ -25,7 +23,6 @@ char *get_iface_ip(uint64_t ip);
 int32_t cseq;
 extern char *HYDRA_EXIT;

-
 #define SIP_MAX_BUF 1024

 void empty_register(char *buf, char *host, char *lhost, int32_t port, int32_t lport, char *user) {
@ -45,13 +42,13 @@ int32_t get_sip_code(char *buf) {
  int32_t code;
  char tmpbuf[SIP_MAX_BUF], word[SIP_MAX_BUF];

-  if (sscanf(buf, "%s %i %s", tmpbuf, &code, word) != 3)
+  if (sscanf(buf, "%256s %i %256s", tmpbuf, &code, word) != 3)
    return -1;
  return code;
 }

 int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, unsigned char options, char *miscptr, FILE *fp) {
-  char *login, *pass, *host, buffer[SIP_MAX_BUF];
+  char *login, *pass, *host, buffer[SIP_MAX_BUF], *result = NULL;
  int32_t i;
  char buf[SIP_MAX_BUF];

@ -94,13 +91,17 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u

        // if we already tried to connect, exit
        if (external_ip_addr[0]) {
-          hydra_report(stdout, "[ERROR] Get error code 606 : session is not acceptable by the server\n");
+          hydra_report(stdout, "[ERROR] Get error code 606 : session is not "
+                               "acceptable by the server\n");
          return 2;
        }

        if (verbose)
-          hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not acceptable by the server,\n"
-                       "maybe it's an addressing issue as you are using NAT, trying to reconnect\n" "using addr from the server reply\n");
+          hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not "
+                               "acceptable by the server,\n"
+                               "maybe it's an addressing issue as you are "
+                               "using NAT, trying to reconnect\n"
+                               "using addr from the server reply\n");
          /*
             SIP/2.0 606 Not Acceptable
             Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137
@ -135,7 +136,9 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u
    hydra_report(stderr, "[INFO] S: %s\n", buf);
  char buffer2[512];

-  sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL);
+  result = sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL);
+  if (result == NULL)
+    return 3;

  memset(buffer, 0, SIP_MAX_BUF);
  snprintf(buffer, SIP_MAX_BUF,
@ -143,7 +146,11 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u
           "Via: SIP/2.0/UDP %s:%i\n"
           "From: <sip:%s@%s>\n"
           "To: <sip:%s@%s>\n"
-           "Call-ID: 1337@%s\n" "CSeq: %i REGISTER\n" "Authorization: Digest %s\n" "Content-Length: 0\n\n", host, lip, lport, login, host, login, host, host, cseq, buffer2);
+           "Call-ID: 1337@%s\n"
+           "CSeq: %i REGISTER\n"
+           "Authorization: Digest %s\n"
+           "Content-Length: 0\n\n",
+           host, lip, lport, login, host, login, host, host, cseq, buffer2);

  cseq++;
  if (debug)
@ -192,7 +199,8 @@ void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL

  // FIXME IPV6
  if (ip[0] != 4) {
-    fprintf(stderr, "[ERROR] sip module is not ipv6 enabled yet, patches are appreciated.\n");
+    fprintf(stderr, "[ERROR] sip module is not ipv6 enabled yet, patches are "
+                    "appreciated.\n");
    hydra_child_exit(2);
  }

--- a/hydra-smb.c
+++ b/hydra-smb.c
@ -1,17 +1,14 @@
 #include "hydra-mod.h"
 #ifndef LIBOPENSSL
-void dummy_smb() {
-  printf("\n");
-}
+void dummy_smb() { printf("\n"); }
 #else
-#include <openssl/md4.h>
-#include <openssl/des.h>
 #include "hmacmd5.h"
 #include "sasl.h"
+#include <openssl/des.h>
+#include <openssl/md4.h>

 // FIXME XXX BUG: several malloc()s without return code checking

-
 /*

 http://technet.microsoft.com/en-us/library/cc960646.aspx
@ -80,18 +77,15 @@ http://technet.microsoft.com/en-us/library/cc960646.aspx
 #define WIN2000_NATIVEMODE 1
 #define WIN_NETBIOSMODE 2

-
 #define PLAINTEXT 10
 #define ENCRYPTED 11

-
 #ifndef CHAR_BIT
 #define CHAR_BIT 8
 #endif

 #ifndef TIME_T_MIN
-#define TIME_T_MIN ((time_t)0 < (time_t) -1 ? (time_t) 0 \
-        : ~ (time_t) 0 << (sizeof (time_t) * CHAR_BIT - 1))
+#define TIME_T_MIN ((time_t)0 < (time_t)-1 ? (time_t)0 : ~(time_t)0 << (sizeof(time_t) * CHAR_BIT - 1))
 #endif
 #ifndef TIME_T_MAX
 #define TIME_T_MAX (~(time_t)0 - TIME_T_MIN)
@ -102,7 +96,6 @@ http://technet.microsoft.com/en-us/library/cc960646.aspx

 #define TIME_FIXUP_CONSTANT_INT 11644473600LL

-
 extern char *HYDRA_EXIT;
 static unsigned char challenge[8];
 static unsigned char workgroup[16];
@ -113,8 +106,7 @@ int32_t hashFlag, accntFlag, protoFlag;
 int32_t smb_auth_mechanism = AUTH_NTLM;
 int32_t security_mode = ENCRYPTED;

-static size_t UTF8_UTF16LE(unsigned char *in, int32_t insize, unsigned char *out, int32_t outsize)
-{
+static size_t UTF8_UTF16LE(unsigned char *in, int32_t insize, unsigned char *out, int32_t outsize) {
  int32_t i = 0, j = 0;
  uint64_t ch;
  if (debug) {
@ -145,7 +137,8 @@ static size_t UTF8_UTF16LE(unsigned char *in, int32_t insize, unsigned char *out
      j = j + 4;
      i = i + 3;
    }
-      if ( j-2 > outsize) break;
+    if (j - 2 > outsize)
+      break;
  }
  if (debug) {
    hydra_report(stderr, "[DEBUG] UTF8_UTF16LE out:\n");
@ -295,7 +288,6 @@ int32_t HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *chall
  return 0;
 }

-
 /*
  MakeNTLM
  Function: Create a NTLM hash from the password
@ -312,7 +304,8 @@ int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) {

  /* Use NTLM Hash instead of password */
  if (hashFlag == 1) {
-    /* 1000:D42E35E1A1E4C22BD32E2170E4857C20:5E20780DD45857A68402938C7629D3B2::: */
+    /* 1000:D42E35E1A1E4C22BD32E2170E4857C20:5E20780DD45857A68402938C7629D3B2:::
+     */
    p = pass;
    while ((*p != '\0') && (i < 1)) {
      if (*p == ':')
@ -379,9 +372,9 @@ int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) {
 /*
  HashLMv2

-  This function implements the LMv2 response algorithm. The LMv2 response is used to 
-  provide pass-through authentication compatibility with older servers. The response
-  is based on the NTLM password hash and is exactly 24 bytes.
+  This function implements the LMv2 response algorithm. The LMv2 response is
+  used to provide pass-through authentication compatibility with older servers.
+  The response is based on the NTLM password hash and is exactly 24 bytes.

  The below code is based heavily on the following resources:

@ -411,16 +404,17 @@ int32_t HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char
    return -1;

  /*
-     The Unicode uppercase username is concatenated with the Unicode authentication target
-     (the domain or server name specified in the Target Name field of the Type 3 message).
-     Note that this calculation always uses the Unicode representation, even if OEM encoding
-     has been negotiated; also note that the username is converted to uppercase, while the
-     authentication target is case-sensitive and must match the case presented in the Target
+     The Unicode uppercase username is concatenated with the Unicode
+     authentication target (the domain or server name specified in the Target
+     Name field of the Type 3 message). Note that this calculation always uses
+     the Unicode representation, even if OEM encoding has been negotiated; also
+     note that the username is converted to uppercase, while the authentication
+     target is case-sensitive and must match the case presented in the Target
     Name field.

-     The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to
-     this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the
-     NTLMv2 hash.
+     The HMAC-MD5 message authentication code algorithm (described in RFC 2104)
+     is applied to this value using the 16-byte NTLM hash as the key. This
+     results in a 16-byte value - the NTLMv2 hash.
   */

  /* Initialize the Unicode version of the username and target. */
@ -445,9 +439,10 @@ int32_t HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char

  /* --- HMAC #2 Calculations --- */
  /*
-     The challenge from the Type 2 message is concatenated with our fixed client nonce. The HMAC-MD5 
-     message authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash 
-     (calculated above) as the key. This results in a 16-byte output value.
+     The challenge from the Type 2 message is concatenated with our fixed client
+     nonce. The HMAC-MD5 message authentication code algorithm is applied to
+     this value using the 16-byte NTLMv2 hash (calculated above) as the key.
+     This results in a 16-byte output value.
   */

  hmac_md5_init_limK_to_64(kr_buf, 16, &ctx);
@ -468,12 +463,13 @@ int32_t HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char
 /*
  HashNTLMv2

-  This function implements the NTLMv2 response algorithm. Support for this algorithm
-  was added with Microsoft Windows with NT 4.0 SP4. It should be noted that code doesn't
-  currently work with Microsoft Vista. While NTLMv2 authentication with Samba and Windows
-  2003 functions as expected, Vista systems respond with the oh-so-helpful 
-  "INVALID_PARAMETER" error code. LMv2-only authentication appears to work against Vista 
-  in cases where LM and NTLM are refused. 
+  This function implements the NTLMv2 response algorithm. Support for this
+  algorithm was added with Microsoft Windows with NT 4.0 SP4. It should be noted
+  that code doesn't currently work with Microsoft Vista. While NTLMv2
+  authentication with Samba and Windows 2003 functions as expected, Vista
+  systems respond with the oh-so-helpful "INVALID_PARAMETER" error code.
+  LMv2-only authentication appears to work against Vista in cases where LM and
+  NTLM are refused.

  The below code is based heavily on the following two resources:

@ -503,20 +499,15 @@ int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned cha

     [16]      Header: Blob Signature [01 01 00 00] (4 bytes)
     [20]      Reserved: [00 00 00 00] (4 bytes)
-     [24]      Time: Little-endian, 64-bit signed value representing the number of
-     tenths of a microsecond since January 1, 1601. (8 bytes)
-     [32]      Client Nonce: (8 bytes)
-     [40]      Unknown: 00 00 00 00 (4 bytes)
-     [44]      Target Information (from the Type 2 message)    
-     NetBIOS domain/workgroup:
-     Type: domain 02 00 (2 bytes)
-     Length: 12 00 (2 bytes)
-     Name: WORKGROUP [NULL spacing -> 57 00 4f 00 ...] (18 bytes)  
-     End-of-list: 00 00 00 00 (4 bytes)
+     [24]      Time: Little-endian, 64-bit signed value representing the number
+     of tenths of a microsecond since January 1, 1601. (8 bytes) [32] Client
+     Nonce: (8 bytes) [40]      Unknown: 00 00 00 00 (4 bytes) [44]      Target
+     Information (from the Type 2 message) NetBIOS domain/workgroup: Type:
+     domain 02 00 (2 bytes) Length: 12 00 (2 bytes) Name: WORKGROUP [NULL
+     spacing -> 57 00 4f 00 ...] (18 bytes) End-of-list: 00 00 00 00 (4 bytes)
     Termination: 00 00 00 00 (4 bytes)
   */

-
  iTargetLen = 2 * strlen((char *)workgroup);

  memset(ntlm_hash, 0, 16);
@ -531,16 +522,17 @@ int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned cha
    return -1;

  /*
-     The Unicode uppercase username is concatenated with the Unicode authentication target
-     (the domain or server name specified in the Target Name field of the Type 3 message).
-     Note that this calculation always uses the Unicode representation, even if OEM encoding
-     has been negotiated; also note that the username is converted to uppercase, while the
-     authentication target is case-sensitive and must match the case presented in the Target
+     The Unicode uppercase username is concatenated with the Unicode
+     authentication target (the domain or server name specified in the Target
+     Name field of the Type 3 message). Note that this calculation always uses
+     the Unicode representation, even if OEM encoding has been negotiated; also
+     note that the username is converted to uppercase, while the authentication
+     target is case-sensitive and must match the case presented in the Target
     Name field.

-     The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to
-     this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the
-     NTLMv2 hash.
+     The HMAC-MD5 message authentication code algorithm (described in RFC 2104)
+     is applied to this value using the 16-byte NTLM hash as the key. This
+     results in a 16-byte value - the NTLMv2 hash.
   */

  /* Initialize the Unicode version of the username and target. */
@ -606,7 +598,8 @@ int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned cha
     0x0300 Fully-qualified DNS host name
     0x0400 DNS domain name

-     TODO: Need to rework negotiation code to correctly extract target information
+     TODO: Need to rework negotiation code to correctly extract target
+     information
   */

  memset(ntlmv2_response + 44, 0x02, 1); /* Type: Domain */
@ -623,9 +616,10 @@ int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned cha
  /* --- HMAC #2 Caculations --- */

  /*
-     The challenge from the Type 2 message is concatenated with the blob. The HMAC-MD5 message 
-     authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash 
-     (calculated above) as the key. This results in a 16-byte output value.
+     The challenge from the Type 2 message is concatenated with the blob. The
+     HMAC-MD5 message authentication code algorithm is applied to this value
+     using the 16-byte NTLMv2 hash (calculated above) as the key. This results
+     in a 16-byte output value.
   */

  hmac_md5_init_limK_to_64(kr_buf, 16, &ctx);
@ -716,7 +710,6 @@ int32_t NBSSessionRequest(int32_t s) {
    return -1; /* failed */
 }

-
 /*
   SMBNegProt
   Function: Negotiate protocol with server ...
@ -728,31 +721,9 @@ int32_t NBSSessionRequest(int32_t s) {
 */
 int32_t SMBNegProt(int32_t s) {
  unsigned char buf[] = {
-    0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42,
-    0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc0,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x7d,
-    0x00, 0x00, 0x01, 0x00, 0x00, 0x9b, 0x00, 0x02,
-    0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f,
-    0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52,
-    0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02,
-    0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46,
-    0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52,
-    0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00,
-    0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f,
-    0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f,
-    0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00,
-    0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31,
-    0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e,
-    0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x44,
-    0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41,
-    0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41,
-    0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00,
-    0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02,
-    0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41,
-    0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e,
-    0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31,
-    0x32, 0x00
+      0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, 0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x7d, 0x00, 0x00, 0x01, 0x00, 0x00, 0x9b, 0x00, 0x02, 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4d,
+      0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, 0x32, 0x58,
+      0x30, 0x30, 0x32, 0x00, 0x02, 0x44, 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00

      /*
      0x02,
@ -799,7 +770,6 @@ int32_t SMBNegProt(int32_t s) {
    iResponseOffset = 65;
  }

-
  hydra_send(s, (char *)buf, iLength, 0);
  k = hydra_recv(s, (char *)rbuf, sizeof(rbuf));
  if (k == 0)
@ -807,10 +777,11 @@ int32_t SMBNegProt(int32_t s) {

  /* retrieve the security mode */
  /*
-     [0] Mode:       (0) ?                                 (1) USER security mode 
-     [1] Password:   (0) PLAINTEXT password                (1) ENCRYPTED password. Use challenge/response
-     [2] Signatures: (0) Security signatures NOT enabled   (1) ENABLED
-     [3] Sig Req:    (0) Security signatures NOT required  (1) REQUIRED
+     [0] Mode:       (0) ?                                 (1) USER security
+     mode [1] Password:   (0) PLAINTEXT password                (1) ENCRYPTED
+     password. Use challenge/response [2] Signatures: (0) Security signatures
+     NOT enabled   (1) ENABLED [3] Sig Req:    (0) Security signatures NOT
+     required  (1) REQUIRED

     SAMBA: 0x01 (default)
     WinXP: 0x0F (default)
@ -825,18 +796,21 @@ int32_t SMBNegProt(int32_t s) {

    if (hashFlag == 1) {
      if (verbose)
-        hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. HASH password mode not supported for this configuration.\n");
+        hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. HASH "
+                             "password mode not supported for this configuration.\n");
      return 3;
    }
    if (hashFlag == 2) {
      if (verbose)
-        hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. MACHINE password mode not supported for this configuration.\n");
+        hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. MACHINE "
+                             "password mode not supported for this configuration.\n");
      return 3;
    }
    break;
  case 0x03:
    if (verbose)
-      hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password without security signatures.\n");
+      hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password "
+                           "without security signatures.\n");
    security_mode = ENCRYPTED;
    break;
  case 0x07:
@ -847,7 +821,10 @@ int32_t SMBNegProt(int32_t s) {
    break;
  default:
    if (verbose)
-      hydra_report(stderr, "[VERBOSE] Unknown security mode request: %2.2X. Proceeding using ENCRYPTED password mode.\n", rbuf[39]);
+      hydra_report(stderr,
+                   "[VERBOSE] Unknown security mode request: %2.2X. Proceeding "
+                   "using ENCRYPTED password mode.\n",
+                   rbuf[39]);
    security_mode = ENCRYPTED;
    break;
  }
@ -886,8 +863,6 @@ int32_t SMBNegProt(int32_t s) {
  return 2;
 }

-
-
 /*
  SMBSessionSetup
  Function: Send username + response to the challenge from
@ -927,18 +902,39 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char *

  /* SMB Header */
  unsigned char szSMB[32] = {
-    0xff, 0x53, 0x4d, 0x42,     /* Server Component */
+      0xff,
+      0x53,
+      0x4d,
+      0x42, /* Server Component */
      0x73, /* SMB Command: Session Setup AndX */
-    0x00, 0x00, 0x00, 0x00,     /* NT Status: STATUS_SUCCESS */
+      0x00,
+      0x00,
+      0x00,
+      0x00, /* NT Status: STATUS_SUCCESS */
      0x08, /* Flags */
-    0x01, 0xc0,                 /* Flags2 */ /* add Unicode */
-    0x00, 0x00,                 /* Process ID High */
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* Signature */
-    0x00, 0x00,                 /* Reserved */
-    0x00, 0x00,                 /* Tree ID */
-    0x13, 0x37,                 /* Process ID */
-    0x00, 0x00,                 /* User ID */
-    0x01, 0x00                  /* Multiplx ID */
+      0x01,
+      0xc0,
+      /* Flags2 */ /* add Unicode */
+      0x00,
+      0x00, /* Process ID High */
+      0x00,
+      0x00,
+      0x00,
+      0x00,
+      0x00,
+      0x00,
+      0x00,
+      0x00, /* Signature */
+      0x00,
+      0x00, /* Reserved */
+      0x00,
+      0x00, /* Tree ID */
+      0x13,
+      0x37, /* Process ID */
+      0x00,
+      0x00, /* User ID */
+      0x01,
+      0x00 /* Multiplx ID */
  };

  memset(buf, 0, 512);
@ -993,16 +989,33 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char *
          0x0d, /* Word Count */
          0xff, /* AndXCommand: No further commands */
          0x00, /* Reserved */
-        0x00, 0x00,             /* AndXOffset */
-        0xff, 0xff,             /* Max Buffer */
-        0x02, 0x00,             /* Max Mpx Count */
-        0x3c, 0x7d,             /* VC Number */
-        0x00, 0x00, 0x00, 0x00, /* Session Key */
-        0x18, 0x00,             /* LAN Manager Password Hash Length */
-        0x18, 0x00,             /* NT LAN Manager Password Hash Length */
-        0x00, 0x00, 0x00, 0x00, /* Reserved */
-        0x5c, 0x00, 0x00, 0x00, /* Capabilities */ /* Add Unicode */
-        0x49, 0x00              /* Byte Count -- MUST SET */
+          0x00,
+          0x00, /* AndXOffset */
+          0xff,
+          0xff, /* Max Buffer */
+          0x02,
+          0x00, /* Max Mpx Count */
+          0x3c,
+          0x7d, /* VC Number */
+          0x00,
+          0x00,
+          0x00,
+          0x00, /* Session Key */
+          0x18,
+          0x00, /* LAN Manager Password Hash Length */
+          0x18,
+          0x00, /* NT LAN Manager Password Hash Length */
+          0x00,
+          0x00,
+          0x00,
+          0x00, /* Reserved */
+          0x5c,
+          0x00,
+          0x00,
+          0x00,
+          /* Capabilities */ /* Add Unicode */
+          0x49,
+          0x00 /* Byte Count -- MUST SET */
      };

      iOffset = 65;    /* szNBSS + szSMB + szSessionRequest */
@ -1016,7 +1029,8 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char *
        return -1;
      memset(NTLMhash, 0, 24);

-      /* We don't need to actually calculated a LM hash for this mode, only NTLM */
+      /* We don't need to actually calculated a LM hash for this mode, only NTLM
+       */
      ret = HashNTLM(&NTLMhash, (unsigned char *)szPassword, (unsigned char *)challenge, miscptr);
      if (ret == -1)
        return -1;
@ -1134,7 +1148,8 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char *
    memcpy(buf + 36, szSessionRequest, 23);

    /* Calculate and set password length */
-    /* Samba appears to append NULL characters equal to the password length plus 2 */
+    /* Samba appears to append NULL characters equal to the password length plus
+     * 2 */
    // iByteCount = 2 * strlen(szPassword) + 2;
    iByteCount = strlen(szPassword) + 1;
    buf[iOffset - 8] = (iByteCount) % 256;
@ -1142,19 +1157,22 @@ unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char *

    /* set ANSI password */
    /*
-       Depending on the SAMBA server configuration, multiple passwords may be successful
-       when dealing with mixed-case values. The SAMBA parameter "password level" appears
-       to determine how many characters within a password are tested by the server both  
-       upper and lower case. For example, assume a SAMBA account has a password of "Fred" 
-       and the server is configured with "password level = 2". Medusa sends the password
-       "FRED". The SAMBA server will brute-force test this value for us with values
-       like: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ... The default setting
-       is "password level = 0". This results in only two attempts to being made by the 
-       remote server; the password as is and the password in all-lower case.
+       Depending on the SAMBA server configuration, multiple passwords may be
+       successful when dealing with mixed-case values. The SAMBA parameter
+       "password level" appears to determine how many characters within a
+       password are tested by the server both upper and lower case. For example,
+       assume a SAMBA account has a password of "Fred" and the server is
+       configured with "password level = 2". Medusa sends the password "FRED".
+       The SAMBA server will brute-force test this value for us with values
+       like: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ... The default
+       setting is "password level = 0". This results in only two attempts to
+       being made by the remote server; the password as is and the password in
+       all-lower case.
     */
    strncpy((char *)(buf + iOffset), szPassword, 256);
  } else {
-    hydra_report(stderr, "[ERROR] Security_mode was not properly set. This should not happen.\n");
+    hydra_report(stderr, "[ERROR] Security_mode was not properly set. This "
+                         "should not happen.\n");
    return -1;
  }

@ -1212,7 +1230,7 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char
  if (strlen(pass = hydra_get_next_password()) == 0)
    pass = empty;

-  strcpy(ipaddr_str, hydra_address2string(ip));
+  strncpy(ipaddr_str, hydra_address2string(ip), sizeof(ipaddr_str) - 1);

  SMBSessionRet = SMBSessionSetup(s, login, pass, miscptr);
  if (SMBSessionRet == -1)
@ -1230,55 +1248,69 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char

  if (SMBerr == 0x000000) {  /* success */
    if (SMBaction == 0x01) { /* invalid account - anonymous connection */
-      fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Invalid account (Anonymous success)\n", port, ipaddr_str, login);
+      fprintf(stderr,
+              "[%d][smb] Host: %s Account: %s Error: Invalid account "
+              "(Anonymous success)\n",
+              port, ipaddr_str, login);
      hydra_completed_pair_skip();
    } else { /* valid account */
      hydra_report_found_host(port, ip, "smb", fp);
      hydra_completed_pair_found();
    }
  } else if ((SMBerr == 0x00000D) && (SMBaction == 0x00)) {
-    hydra_report(stderr, "[ERROR] Invalid parameter status received, either the account or the method used are not valid\n");
+    hydra_report(stderr, "[ERROR] Invalid parameter status received, either "
+                         "the account or the method used are not valid\n");
    hydra_completed_pair_skip();
-  } else if (SMBerr == 0x00006E) {      /* Valid password, GPO Disabling Remote Connections Using NULL Passwords */
-    if (verbose)
-      hydra_report(stderr, "[VERBOSE] Valid password, GPO Disabling Remote Connections Using NULL Passwords\n");
+  } else if (SMBerr == 0x00006E) { /* Valid password, GPO Disabling Remote
+                                      Connections Using NULL Passwords */
+    hydra_report(stdout,
+                 "[%d][smb] Host: %s Account: %s Valid password, GPO Disabling "
+                 "Remote Connections Using NULL Passwords\n",
+                 port, ipaddr_str, login);
    hydra_report_found_host(port, ip, "smb", fp);
    hydra_completed_pair_found();
-  } else if (SMBerr == 0x00015B) {      /* Valid password, GPO "Deny access to this computer from the network" */
-    if (verbose)
-      hydra_report(stderr, "[VERBOSE] Valid password, GPO Deny access to this computer from the network\n");
+  } else if (SMBerr == 0x00015B) { /* Valid password, GPO "Deny access to this
+                                      computer from the network" */
+    hydra_report(stdout,
+                 "[%d][smb] Host: %s Account: %s Valid password, GPO Deny "
+                 "access to this computer from the network\n",
+                 port, ipaddr_str, login);
    hydra_report_found_host(port, ip, "smb", fp);
    hydra_completed_pair_found();
  } else if (SMBerr == 0x000193) { /* Valid password, account expired  */
-    if (verbose)
-      hydra_report(stderr, "[VERBOSE] Valid password, account expired\n");
+    hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, account expired\n", port, ipaddr_str, login);
    hydra_report_found_host(port, ip, "smb", fp);
-    hydra_completed_pair_found();
-  } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) {    /* Valid password, account expired  */
-    if (verbose)
-      hydra_report(stderr, "[VERBOSE] Valid password, password expired and must be changed on next logon\n");
+    hydra_completed_pair_skip();
+  } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, password expired  */
+    hydra_report(stdout,
+                 "[%d][smb] Host: %s Account: %s Valid password, password "
+                 "expired and must be changed on next logon\n",
+                 port, ipaddr_str, login);
    hydra_report_found_host(port, ip, "smb", fp);
    hydra_completed_pair_found();
  } else if ((SMBerr == 0x00006F) || (SMBerr == 0xC10002)) { /* Invalid logon hours  */
-    if (verbose)
-      hydra_report(stderr, "[VERBOSE] Valid password, but logon hours invalid\n");
+    hydra_report(stdout,
+                 "[%d][smb] Host: %s Account: %s Valid password, but logon "
+                 "hours invalid\n",
+                 port, ipaddr_str, login);
    hydra_report_found_host(port, ip, "smb", fp);
    hydra_completed_pair_found();
  } else if (SMBerr == 0x050001) { /* AS/400 -- Incorrect password */
-    if (verbose)
-      fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Incorrect password or account disabled\n", port, ipaddr_str, login);
+    hydra_report(stdout,
+                 "[%d][smb] Host: %s Account: %s Error: Incorrect password or "
+                 "account disabled\n",
+                 port, ipaddr_str, login);
    if ((miscptr) && (strstr(miscptr, "LM")))
      hydra_report(stderr, "[INFO] LM dialect may be disabled, try LMV2 instead\n");
    hydra_completed_pair_skip();
  } else if (SMBerr == 0x000024) { /* change password on next login [success] */
-    fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login);
+    hydra_report(stdout, "[%d][smb] Host: %s Account: %s Information: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login);
    hydra_completed_pair_found();
  } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */
    hydra_completed_pair();
  } else if (SMBerr == 0x000071) { /* password expired */
-    if (verbose)
-      fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: PASSWORD EXPIRED\n", port, ipaddr_str, login);
-    hydra_completed_pair_skip();
+    hydra_report(stdout, "[%d][smb] Host: %s Account: %s Information: PASSWORD EXPIRED\n", port, ipaddr_str, login);
+    hydra_completed_pair_found();
  } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled */ /* BF0002 on w2k */
    if (verbose)
      fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_DISABLED\n", port, ipaddr_str, login);
@ -1289,7 +1321,10 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char
    hydra_completed_pair_skip();
  } else if (SMBerr == 0x00008D) { /* ummm... broken client-domain membership  */
    if (verbose)
-      fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE\n", port, ipaddr_str, login);
+      fprintf(stderr,
+              "[%d][smb] Host: %s Account: %s Error: "
+              "NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE\n",
+              port, ipaddr_str, login);
    hydra_completed_pair();
  } else { /* failed */
    if (verbose)
@ -1394,14 +1429,16 @@ void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
          port = PORT_SMBNT;
          protoFlag = WIN2000_NATIVEMODE;
        } else {
-          hydra_report(stderr, "Failed to establish WIN2000_NATIVE mode. Attempting WIN_NETBIOS mode.\n");
+          hydra_report(stderr, "Failed to establish WIN2000_NATIVE mode. "
+                               "Attempting WIN_NETBIOS mode.\n");
          port = PORT_SMB;
          protoFlag = WIN_NETBIOSMODE;
          sock = hydra_connect_tcp(ip, PORT_SMB);
        }
      }
      if (sock < 0) {
-        if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t) getpid());
+        if (quiet != 1)
+          fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid());
        hydra_child_exit(1);
      }
      if (NBSSessionRequest(sock) < 0) {
@ -1439,33 +1476,9 @@ int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *misc
  //   -1  error, hydra will exit, so print a good error message here
  time_t ctime;
  int ready = 0, sock = hydra_connect_tcp(ip, port);
-  unsigned char buf[] = {
-    0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42,
-    0x72, 0x00, 0x00, 0x00, 0x00, 0x18, 0x43, 0xc8,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe, 0xff,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x9b, 0x00, 0x02,
-    0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f,
-    0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52,
-    0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02,
-    0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46,
-    0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52,
-    0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00,
-    0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f,
-    0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f,
-    0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00,
-    0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31,
-    0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e,
-    0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x44,
-    0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41,
-    0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41,
-    0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00,
-    0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02,
-    0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41,
-    0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e,
-    0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31,
-    0x32, 0x00  };
-
+  unsigned char buf[] = {0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, 0x72, 0x00, 0x00, 0x00, 0x00, 0x18, 0x43, 0xc8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x9b, 0x00, 0x02, 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4d,
+                         0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, 0x32, 0x58,
+                         0x30, 0x30, 0x32, 0x00, 0x02, 0x44, 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00};

  if (sock < 0) {
    fprintf(stderr, "[ERROR] could not connect to target smb://%s:%d/\n", hostname, port);
@ -1480,7 +1493,7 @@ int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *misc
  ctime = time(NULL);
  do {
    usleepn(300);
-  } while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 <= time(NULL));
+  } while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 >= time(NULL));

  if (ready <= 0) {
    fprintf(stderr, "[ERROR] no reply from target smb://%s:%d/\n", hostname, port);
@ -1500,7 +1513,10 @@ int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *misc
  }

  if ((buf[15] & 16) == 16) {
-    fprintf(stderr, "[ERROR] target smb://%s:%d/ requires signing which we do not support\n", hostname, port);
+    fprintf(stderr,
+            "[ERROR] target smb://%s:%d/ requires signing which we do not "
+            "support\n",
+            hostname, port);
    return -1;
  }

@ -1508,7 +1524,8 @@ int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *misc
 }

 void usage_smb(const char *service) {
-  printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n"
+  printf("Module smb default value is set to test both local and domain account, "
+         "using a simple password with NTLM dialect.\n"
         "Note: you can set the group type using LOCAL or DOMAIN keyword\n"
         "      or other_domain:{value} to specify a trusted domain.\n"
         "      you can set the password type using HASH or MACHINE keyword\n"
@ -1516,6 +1533,9 @@ void usage_smb(const char* service) {
         "      you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n"
         "Example: \n"
         "      hydra smb://microsoft.com  -l admin -p tooeasy -m \"local lmv2\"\n"
-         "      hydra smb://microsoft.com  -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n"
-         "      hydra smb://microsoft.com  -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n");
+         "      hydra smb://microsoft.com  -l admin -p "
+         "D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m "
+         "\"local hash\"\n"
+         "      hydra smb://microsoft.com  -l admin -p tooeasy -m "
+         "\"other_domain:SECONDDOMAIN\"\n\n");
 }
--- a/hydra-smb2.c
+++ b/hydra-smb2.c
@ -0,0 +1,321 @@
+/**
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ *
+ * Copyright (C) 2021 Karim Kanso, all rights reserved.
+ *  kaz 'dot' kanso 'at' g mail 'dot' com
+ */
+
+#if defined(LIBSMBCLIENT)
+
+#include "hydra-mod.h"
+
+#include <errno.h>
+#include <libsmbclient.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <string.h>
+
+extern hydra_option hydra_options;
+extern char *HYDRA_EXIT;
+
+typedef struct creds {
+  const char *workgroup;
+  const char *user;
+  const char *pass;
+} creds_t;
+
+const char default_workgroup[] = "WORKGROUP";
+bool use_nt_hash = false;
+const char *workgroup = default_workgroup;
+const char *netbios_name = NULL;
+
+#define EXIT_PROTOCOL_ERROR hydra_child_exit(2)
+#define EXIT_CONNECTION_ERROR hydra_child_exit(1)
+#define EXIT_NORMAL hydra_child_exit(0)
+
+void smb2_auth_provider(SMBCCTX *c, const char *srv, const char *shr, char *wg, int wglen, char *un, int unlen, char *pw, int pwlen) {
+  creds_t *cr = (creds_t *)smbc_getOptionUserData(c);
+  strncpy(wg, cr->workgroup, wglen);
+  strncpy(un, cr->user, unlen);
+  strncpy(pw, cr->pass, pwlen);
+  wg[wglen - 1] = 0;
+  un[unlen - 1] = 0;
+  pw[pwlen - 1] = 0;
+}
+
+bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) {
+  SMBCCTX *ctx = smbc_new_context();
+  if (ctx == NULL) {
+    hydra_report(stderr, "[ERROR] failed to create context\n");
+    EXIT_PROTOCOL_ERROR;
+  }
+  // samba internal debugging will be dumped to stderr
+  smbc_setDebug(ctx, debug ? 7 : 0);
+  smbc_setOptionDebugToStderr(ctx, true);
+  smbc_setFunctionAuthDataWithContext(ctx, smb2_auth_provider);
+  smbc_setOptionUserData(ctx, cr);
+  // 0 will use default port
+  smbc_setPort(ctx, port);
+  smbc_setOptionNoAutoAnonymousLogin(ctx, false);
+  smbc_setOptionUseNTHash(ctx, use_nt_hash);
+  if (netbios_name) {
+    smbc_setNetbiosName(ctx, (char *)netbios_name);
+  }
+
+  ctx = smbc_init_context(ctx);
+  if (!ctx) {
+    hydra_report(stderr, "[ERROR] smbc_init_context fail\n");
+    smbc_free_context(ctx, 1);
+    EXIT_PROTOCOL_ERROR;
+  }
+
+  char uri[2048];
+  snprintf(uri, sizeof(uri) - 1, "smb://%s/IPC$", server);
+  uri[sizeof(uri) - 1] = 0;
+  if (verbose) {
+    printf("[INFO] Connecting to: %s with %s\\%s%%%s\n", uri, cr->workgroup, cr->user, cr->pass);
+  }
+  SMBCFILE *fd = smbc_getFunctionOpendir(ctx)(ctx, uri);
+  if (fd) {
+    hydra_report(stderr, "[WARNING] Unexpected open on IPC$\n");
+    smbc_getFunctionClosedir(ctx)(ctx, fd);
+    smbc_free_context(ctx, 1);
+    fd = NULL;
+    return true;
+  }
+
+  /*
+    errno is set to 22 (EINVAL) when IPC$ as been opened but can not
+    be opened like a normal share. This corresponds to samba error
+    NT_STATUS_INVALID_INFO_CLASS, however this precise error code is
+    not available outside of the library. Thus, instead the library
+    sets a generic error (EINVAL) which can also correspond to other
+    cases (see below test).
+
+    This is not ideal, but appears to be the best that the
+    libsmbclient library offers as detailed state information is
+    internalised and not available. Further, it is also not possible
+    from the api to separate the connection, authentication and
+    authorisation.
+
+    The following text is taken from the libsmbclient header file for
+    the return value of the smbc_getFunctionOpendir function:
+
+        Valid directory handle. < 0 on error with errno set:
+        - EACCES Permission denied.
+        - EINVAL A NULL file/URL was passed, or the URL would
+        not parse, or was of incorrect form or smbc_init not
+        called.
+        - ENOENT durl does not exist, or name is an
+        - ENOMEM Insufficient memory to complete the
+        operation.
+        - ENOTDIR name is not a directory.
+        - EPERM the workgroup could not be found.
+        - ENODEV the workgroup or server could not be found.
+
+  */
+  switch (errno) {
+  case 0:
+    // maybe false positive? unclear ... :( ... needs more testing
+    smbc_free_context(ctx, 1);
+    return true;
+    break;
+  case ENOENT:
+    // Noticed this when connecting to older samba servers on linux
+    // where any credentials are accepted.
+    hydra_report(stderr, "[WARNING] %s might accept any credential\n", server);
+  case EINVAL: // 22
+    // probably password ok, nominal case when connecting to a windows
+    // smb server with good credentials.
+    smbc_free_context(ctx, 1);
+    return true;
+    break;
+  case EPERM:
+    // Probably this means access denied inspite of mention above
+    // about being related to wrong workgroup. I have observed
+    // libsmbclient emitting this when connecting to a vanilla install
+    // of Windows 2019 server (non-domain) with wrong credentials. It
+    // appears related to a fallback null session being rejected after
+    // the library tries with provided credentials. If the null
+    // session is accepted, EACCES is returned.
+  case EACCES:
+    // 100% access denied
+    break;
+  case EHOSTUNREACH:
+  case ETIMEDOUT:
+  case ECONNREFUSED:
+    // there are probably more codes that could be added here to
+    // indicate connection errors.
+    hydra_report(stderr, "[ERROR] Error %s (%d) while connecting to %s\n", strerror(errno), errno, server);
+    smbc_free_context(ctx, 1);
+    EXIT_CONNECTION_ERROR;
+    break;
+  default:
+    // unexpected error
+    hydra_report(stderr, "[ERROR] %s (%d)\n", strerror(errno), errno);
+    smbc_free_context(ctx, 1);
+    EXIT_PROTOCOL_ERROR;
+  }
+
+  smbc_free_context(ctx, 1);
+  return false;
+}
+
+void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
+  static int first_run = 0;
+  hydra_register_socket(sp);
+
+  while (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT))) {
+    char *login, *pass;
+
+    if (first_run && hydra_options.conwait)
+      sleep(hydra_options.conwait);
+
+    login = hydra_get_next_login();
+    pass = hydra_get_next_password();
+
+    creds_t cr = {
+        .user = login,
+        .pass = pass,
+        .workgroup = workgroup,
+    };
+
+    if (smb2_run_test(&cr, hydra_address2string(ip), port & 0xffff)) {
+      hydra_completed_pair_found();
+    } else {
+      hydra_completed_pair();
+    }
+
+    first_run = 1;
+  }
+  EXIT_NORMAL;
+}
+
+// constants used by option parser
+const char tkn_workgroup[] = "workgroup:{";
+const char tkn_nthash_true[] = "nthash:true";
+const char tkn_nthash_false[] = "nthash:false";
+const char tkn_netbios[] = "netbios:{";
+
+#define CMP(s1, s2) (strncmp(s1, s2, sizeof(s1) - 1) == 0)
+
+int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
+  if (!miscptr)
+    return 0;
+
+  while (*miscptr) {
+    if (isspace(*miscptr)) {
+      miscptr++;
+      continue;
+    }
+    if (CMP(tkn_workgroup, miscptr)) {
+      if (workgroup != default_workgroup) {
+        // miscptr has already been processed, goto end
+        miscptr += strlen(miscptr) + 1;
+        continue;
+      }
+      miscptr += sizeof(tkn_workgroup) - 1;
+      char *p = strchr(miscptr, '}');
+      if (p == NULL) {
+        hydra_report(stderr, "[ERROR] missing closing brace in workgroup\n");
+        return -1;
+      }
+      *p = '\0';
+      workgroup = miscptr;
+      miscptr = p + 1;
+      if (verbose || debug) {
+        printf("[VERBOSE] Set workgroup to: %s\n", workgroup);
+      }
+      continue;
+    }
+    if (CMP(tkn_netbios, miscptr)) {
+      if (netbios_name != NULL) {
+        // miscptr has already been processed, goto end
+        miscptr += strlen(miscptr) + 1;
+        continue;
+      }
+      miscptr += sizeof(tkn_netbios) - 1;
+      char *p = strchr(miscptr, '}');
+      if (p == NULL) {
+        hydra_report(stderr, "[ERROR] missing closing brace in netbios name\n");
+        return -1;
+      }
+      *p = '\0';
+      netbios_name = miscptr;
+      miscptr = p + 1;
+      if (verbose || debug) {
+        printf("[VERBOSE] Set netbios name to: %s\n", netbios_name);
+      }
+      continue;
+    }
+    if (CMP(tkn_nthash_true, miscptr)) {
+      miscptr += sizeof(tkn_nthash_true) - 1;
+      use_nt_hash = true;
+      if (verbose || debug) {
+        printf("[VERBOSE] Enabled nthash.\n");
+      }
+      continue;
+    }
+    if (CMP(tkn_nthash_false, miscptr)) {
+      miscptr += sizeof(tkn_nthash_false) - 1;
+      use_nt_hash = false;
+      if (verbose || debug) {
+        printf("[VERBOSE] Disabled nthash.\n");
+      }
+      continue;
+    }
+
+    hydra_report(stderr, "[ERROR] unable to parse: %s\n", miscptr);
+    return -1;
+  }
+
+  return 0;
+}
+
+void usage_smb2(const char *service) {
+  puts("Module is a thin wrapper over the Samba client library (libsmbclient).\n"
+       "Thus, is capable of negotiating v1, v2 and v3 of the protocol.\n"
+       "\n"
+       "As this relies on Samba libraries, the system smb.conf will be parsed\n"
+       "when library starts up. It is possible to add configuration options\n"
+       "into that file that affect this module (such as min/max supported\n"
+       "protocol version).\n"
+       "\n"
+       "Caution: due to the high-level libsmbclient api (compared the smb\n"
+       "Hydra module), the accuracy is reduced. That is, this module works by\n"
+       "attempting to open the IPC$ share, which is reported as an error,\n"
+       "e.g. try this with the smbclient tool and it will raise the\n"
+       "NT_STATUS_INVALID_INFO_CLASS error). Sadly, the level of feedback\n"
+       "from the api does not distinguish this error from general/unknown\n"
+       "errors, so it might be possible to have false positives due to this\n"
+       "fact. One example of this is when the library can not parse the uri\n"
+       "correctly. On the other hand, false negatives could occur when a\n"
+       "valid credential is unable to open the share due to access control,\n"
+       "e.g. a locked/suspended account.\n"
+       "\n"
+       "There are three module options available:\n"
+       "  workgroup:{XXX} - set the users workgroup\n"
+       "  netbios:{XXX} - set the recipients netbios name\n"
+       "  nthash:true or nthash:false - threat password as an nthash\n"
+       "\n"
+       "Examples: \n"
+       "  hydra smb2://abc.com -l admin -p xxx -m workgroup:{OFFICE}\n"
+       "  hydra smb2://1.2.3.4 -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 -m "
+       "'workgroup:{OFFICE} nthash:true'\n"
+       "  hydra -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 "
+       "'smb2://1.2.3.4/workgroup:{OFFICE} nthash:true'\n");
+}
+
+#endif // LIBSMBCLIENT
--- a/hydra-smtp-enum.c
+++ b/hydra-smtp-enum.c
@ -121,16 +121,20 @@ int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options
    // we should report command not identified by the server
    // 502 5.5.2 Error: command not recognized
    //#ifdef HAVE_PCRE
-//    if ((debug || hydra_string_match(buf, "\\scommand\\snot\\srecognized")) && err) {
+    //    if ((debug || hydra_string_match(buf,
+    //    "\\scommand\\snot\\srecognized")) && err) {
    //#else
    //    if ((debug || strstr(buf, "command") != NULL) && err) {
    //#endif
    //      hydra_report(stderr, "Server %s", err);
    //    }
-    if (strncmp(buf, "500 ", 4) == 0) {
-      hydra_report(stderr, "[ERROR] command is disabled on the server (choose different method): %s", buf);
+    if (strncmp(buf, "500 ", 4) == 0 || strncmp(buf, "502 ", 4) == 0) {
+      hydra_report(stderr,
+                   "[ERROR] command is disabled on the server (choose "
+                   "different method): %s",
+                   buf);
      free(buf);
-      return 3;
+      return 4;
    }
    memset(buffer, 0, sizeof(buffer));
    // 503 5.5.1 Error: nested MAIL command
@ -241,6 +245,12 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt
      }
      hydra_child_exit(0);
      return;
+    case 4: /* unsupported exit */
+      if (sock >= 0) {
+        sock = hydra_disconnect(sock);
+      }
+      hydra_child_exit(3);
+      return;
    default:
      hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
      hydra_child_exit(0);
@ -266,6 +276,8 @@ int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char
 void usage_smtp_enum(const char *service) {
  printf("Module smtp-enum is optionally taking one SMTP command of:\n\n"
         "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n"
-         "login parameter is used as username and password parameter as the domain name\n"
-         "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n");
+         "login parameter is used as username and password parameter as the "
+         "domain name\n"
+         "For example to test if john@localhost exists on 192.168.0.1:\n"
+         "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n");
 }
--- a/hydra-smtp.c
+++ b/hydra-smtp.c
@ -37,7 +37,7 @@ char *smtp_read_server_capacity(int32_t sock) {
 }

 int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
-  char *empty = "";
+  char *empty = "", *result = NULL;
  char *login, *pass, buffer[500], buffer2[500], *fooptr, *buf;

  if (strlen(login = hydra_get_next_login()) == 0)
@ -52,7 +52,6 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha
  }

  switch (smtp_auth_mechanism) {
-
  case AUTH_PLAIN:
    sprintf(buffer, "AUTH PLAIN\r\n");
    if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
@ -62,13 +61,19 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha
      return 1;
    if (strstr(buf, "334") == NULL) {
      hydra_report(stderr, "[ERROR] SMTP PLAIN AUTH : %s\n", buf);
+      if (strstr(buf, "503") != NULL) {
+        free(buf);
+        return 4;
+      }
      free(buf);
      return 3;
    }
    free(buf);

    memset(buffer, 0, sizeof(buffer));
-    sasl_plain(buffer, login, pass);
+    result = sasl_plain(buffer, login, pass);
+    if (result == NULL)
+      return 3;

    char tmp_buffer[sizeof(buffer)];
    sprintf(tmp_buffer, "%.250s\r\n", buffer);
@ -103,7 +108,9 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha
    free(buf);

    memset(buffer2, 0, sizeof(buffer2));
-      sasl_cram_md5(buffer2, pass, buffer);
+    result = sasl_cram_md5(buffer2, pass, buffer);
+    if (result == NULL)
+      return 3;

    sprintf(buffer, "%s %.250s", preplogin, buffer2);
    hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer));
@ -113,8 +120,7 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha
    strcpy(buffer, tmp_buffer);

    free(preplogin);
-    }
-    break;
+  } break;

  case AUTH_DIGESTMD5: {
    sprintf(buffer, "AUTH DIGEST-MD5\r\n");
@ -137,16 +143,15 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha
      hydra_report(stderr, "DEBUG S: %s\n", buffer);

    fooptr = buffer2;
-      sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL);
-      if (fooptr == NULL)
+    result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL);
+    if (result == NULL)
      return 3;

    if (debug)
      hydra_report(stderr, "DEBUG C: %s\n", buffer2);
    hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
    sprintf(buffer, "%s\r\n", buffer2);
-    }
-    break;
+  } break;
 #endif

  case AUTH_NTLM: {
@ -174,8 +179,7 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha
    buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL);
    to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2));
    sprintf(buffer, "%s\r\n", buf1);
-    }
-    break;
+  } break;

  default:
    /* by default trying AUTH LOGIN */
@ -188,7 +192,10 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha

    /* 504 5.7.4 Unrecognized authentication type  */
    if (strstr(buf, "334") == NULL) {
-      hydra_report(stderr, "[ERROR] SMTP LOGIN AUTH, either this auth is disabled or server is not using auth: %s\n", buf);
+      hydra_report(stderr,
+                   "[ERROR] SMTP LOGIN AUTH, either this auth is disabled or "
+                   "server is not using auth: %s\n",
+                   buf);
      free(buf);
      return 3;
    }
@ -325,7 +332,8 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
            free(buf);
            buf = hydra_receive_line(sock);
            if (buf[0] != '2') {
-              hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n");
+              hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer "
+                                   "received from STARTTLS request\n");
            } else {
              free(buf);
              if ((hydra_connect_to_ssl(sock, hostname) == -1)) {
@ -346,9 +354,11 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
                hydra_child_exit(2);
            }
          } else
-            hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n");
+            hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it "
+                                 "is not supported by the server\n");
        } else
-          hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n");
+          hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is "
+                               "not supported by the server\n");
      }
 #endif

@ -380,9 +390,7 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
        smtp_auth_mechanism = AUTH_PLAIN;
      }

-
      if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
-
        if (strstr(miscptr, "LOGIN"))
          smtp_auth_mechanism = AUTH_LOGIN;

@ -399,7 +407,6 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI

        if (strstr(miscptr, "NTLM"))
          smtp_auth_mechanism = AUTH_NTLM;
-
      }

      if (verbose) {
@ -435,6 +442,12 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
      }
      hydra_child_exit(0);
      return;
+    case 4: /* error exit */
+      if (sock >= 0) {
+        sock = hydra_disconnect(sock);
+      }
+      hydra_child_exit(3);
+      return;
    default:
      hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
      hydra_child_exit(0);
@ -460,5 +473,7 @@ int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *mis
 void usage_smtp(const char *service) {
  printf("Module smtp is optionally taking one authentication type of:\n"
         "  LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"
-         "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n");
+         "Additionally TLS encryption via STARTTLS can be enforced with the "
+         "TLS option.\n\n"
+         "Example: smtp://target/TLS:PLAIN\n");
 }
--- a/hydra-snmp.c
+++ b/hydra-snmp.c
@ -1,10 +1,10 @@
 #include "hydra-mod.h"
 #ifdef LIBOPENSSL
+#include <openssl/aes.h>
+#include <openssl/des.h>
 #include <openssl/hmac.h>
 #include <openssl/md5.h>
 #include <openssl/sha.h>
-#include <openssl/des.h>
-#include <openssl/aes.h>
 #endif

 extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
@ -15,29 +15,11 @@ extern int32_t child_head_no;
 char snmpv3buf[1024], *snmpv3info = NULL;
 int32_t snmpv3infolen = 0, snmpversion = 1, snmpread = 1, hashtype = 1, enctype = 0;

-unsigned char snmpv3_init[] = { 0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02,
-  0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00,
-  0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03,
-  0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01,
-  0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00,
-  0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00,
-  0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc,
-  0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00
-};
+unsigned char snmpv3_init[] = {0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, 0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00, 0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03, 0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00, 0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00, 0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00};

-unsigned char snmpv3_get1[] = { 0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02,
-  0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00,
-  0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03
-};
+unsigned char snmpv3_get1[] = {0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, 0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00, 0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03};

-unsigned char snmpv3_get2[] = { 0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00,
-  0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82,
-  0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f,
-  0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01,
-  0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b,
-  0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05,
-  0x00
-};
+unsigned char snmpv3_get2[] = {0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00, 0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82, 0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05, 0x00};

 unsigned char snmpv3_nouser[] = {0x04, 0x00, 0x04, 0x00, 0x04, 0x00};

@ -49,13 +31,11 @@ struct SNMPV1_A {
  char comlen;
 };

-struct SNMPV1_A snmpv1_a = {
-  .ID = '\x30',
+struct SNMPV1_A snmpv1_a = {.ID = '\x30',
                            .len = '\x00',
                            .ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */
                            .comid = '\x04',
-  .comlen = '\x00'
-};
+                            .comlen = '\x00'};

 struct SNMPV1_R {
  unsigned char type[2];
@ -68,10 +48,12 @@ struct SNMPV1_R {
  unsigned char value[3];
 } snmpv1_r = {
    .type = "\xa0\x1b", /* GET */
-    .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x00",  /* random crap :) */
+    .identid = "\x02\x04",
+    .ident = "\x1a\x5e\x97\x00", /* random crap :) */
    .errstat = "\x02\x01\x00",   /* no error */
    .errind = "\x02\x01\x00",    /* error index 0 */
-    .objectid = "\x30\x0d",.object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01",    /* sysDescr */
+    .objectid = "\x30\x0d",
+    .object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */
    .value = "\x05\x00"                                       /* we just read, so value = 0 */
 };

@ -86,11 +68,13 @@ struct SNMPV1_W {
  unsigned char value[8];
 } snmpv1_w = {
    .type = "\xa3\x21", /* SET */
-    .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x22",  /* random crap :) */
+    .identid = "\x02\x04",
+    .ident = "\x1a\x5e\x97\x22", /* random crap :) */
    .errstat = "\x02\x01\x00",   /* no error */
    .errind = "\x02\x01\x00",    /* error index 0 */
    .objectid = "\x30\x13",      /* string */
-    .object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00",.value = "\x04\x05Hydra"       /* writing hydra :-) */
+    .object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00",
+    .value = "\x04\x05Hydra" /* writing hydra :-) */
 };

 #ifdef LIBOPENSSL
@ -111,7 +95,7 @@ void password_to_key_md5(u_char * password,     /* IN */

  if (mylen < 8) {
    memset(bpass, 0, sizeof(bpass));
-    strcpy(bpass, password);
+    strncpy(bpass, password, sizeof(bpass) - 1);
    while (mylen < 8) {
      strcat(bpass, password);
      mylen += passwordlen;
@ -277,7 +261,8 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
    if (enctype == 0)
      buffer[1] = 48 + sizeof(snmpv3_get1) + buffer[i + 1];
    i += snmpv3infolen;
-//printf("2 + %d + %d + %d = 0x%02x\n", off, snmpv3infolen, strlen(login), buffer[1]);
+    // printf("2 + %d + %d + %d = 0x%02x\n", off, snmpv3infolen, strlen(login),
+    // buffer[1]);

    buffer[i] = 0x04;
    buffer[i + 1] = strlen(login);
@ -341,7 +326,8 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
 #endif

      /*  for (i = 0; i <= sizeof(snmpv3_get2) - 8; i += 8) {
-    DES_ncbc_encrypt(snmpv3_get2 + i, buf + i, 8, (const_DES_cblock*)(initVect), DES_ENCRYPT);
+          DES_ncbc_encrypt(snmpv3_get2 + i, buf + i, 8,
+        (const_DES_cblock*)(initVect), DES_ENCRYPT);
        }
        // last part of buffer
        if (buffer_len % 8) {
@ -351,10 +337,9 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
          memset(tmp_buf, 0, 8);
          for (uint32_t l = start; l < buffer_len; l++)
            *tmp_buf_ptr++ = buffer[l];
-    DES_ncbc_encrypt(tmp_buf, buf + start, 1, &symcbc, (const_DES_cblock*)(initVect), DES_ENCRYPT);
-    *out_buffer_len = buffer_len + 8 - (buffer_len % 8);  
-  } else  
-    *out_buffer_len = buffer_len;  
+          DES_ncbc_encrypt(tmp_buf, buf + start, 1, &symcbc,
+        (const_DES_cblock*)(initVect), DES_ENCRYPT); *out_buffer_len =
+        buffer_len + 8 - (buffer_len % 8); } else *out_buffer_len = buffer_len;
      */
      // dummy
      k = ((sizeof(snmpv3_get2) - 2) / 8);
@ -453,7 +438,8 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
        if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
          return 3;
        return 1;
-      } else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser, sizeof(snmpv3_nouser)) >= 0) {      // user does not exist
+      } else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser,
+                                                             sizeof(snmpv3_nouser)) >= 0) { // user does not exist
        if (verbose)
          printf("[INFO] user %s does not exist, skipping\n", login);
        hydra_completed_pair_skip();
@ -538,8 +524,9 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
              if (debug)
                hydra_dump_asciihex(snmpv3info, snmpv3infolen);
              if (snmpv3info[10] == 3 && child_head_no == 0)
-                printf("[INFO] Remote device MAC address is %02x:%02x:%02x:%02x:%02x:%02x\n", (unsigned char) snmpv3info[12], (unsigned char) snmpv3info[13],
-                       (unsigned char) snmpv3info[14], (unsigned char) snmpv3info[15], (unsigned char) snmpv3info[16], (unsigned char) snmpv3info[12]);
+                printf("[INFO] Remote device MAC address is "
+                       "%02x:%02x:%02x:%02x:%02x:%02x\n",
+                       (unsigned char)snmpv3info[12], (unsigned char)snmpv3info[13], (unsigned char)snmpv3info[14], (unsigned char)snmpv3info[15], (unsigned char)snmpv3info[16], (unsigned char)snmpv3info[12]);
            }
          }
        }
@ -594,13 +581,15 @@ void usage_snmp(const char* service) {
         "   1     use SNMP version 1 (default)\n"
         "   2     use SNMP version 2\n"
         "   3     use SNMP version 3\n"
-         "           Note that SNMP version 3 usually uses both login and passwords!\n"
+         "           Note that SNMP version 3 usually uses both login and "
+         "passwords!\n"
         "           SNMP version 3 has the following optional sub parameters:\n"
         "             MD5   use MD5 authentication (default)\n"
         "             SHA   use SHA authentication\n"
         "             DES   use DES encryption\n"
         "             AES   use AES encryption\n"
-         "           if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"
+         "           if no -p/-P parameter is given, SNMPv3 noauth is performed, "
+         "which\n"
         "           only requires a password (or username) not both.\n"
         "To combine the options, use colons (\":\"), e.g.:\n"
         "   hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"
--- a/hydra-ssh.c
+++ b/hydra-ssh.c
@ -8,9 +8,7 @@ have to add option -DWITH_SSH1=On in the cmake

 #include "hydra-mod.h"
 #ifndef LIBSSH
-void dummy_ssh() {
-  printf("\n");
-}
+void dummy_ssh() { printf("\n"); }
 #else

 #include <libssh/libssh.h>
@ -36,11 +34,12 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char
  if (new_session) {
    if (session) {
      ssh_disconnect(session);
-      ssh_finalize();
+      // ssh_finalize();
      ssh_free(session);
+    } else {
+      ssh_init();
    }

-    ssh_init();
    session = ssh_new();
    ssh_options_set(session, SSH_OPTIONS_PORT, &port);
    ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip));
@ -48,6 +47,9 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char
    ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &hydra_options.waittime);
    ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none");
    ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none");
+    // might be better to add the legacy (first two for KEX and HOST) to the default instead of specifying the full list
+    ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256");
+    ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256");
    if (ssh_connect(session) != 0) {
      // if the connection was drop, exit and let hydra main handle it
      if (verbose)
@ -120,12 +122,15 @@ void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
    switch (run) {
    case 1: /* connect and service init function */
      next_run = start_ssh(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
      break;
    case 2:
      ssh_disconnect(session);
      ssh_finalize();
      ssh_free(session);
      hydra_child_exit(0);
+      break;
    case 3:
      ssh_disconnect(session);
      ssh_finalize();
@ -133,12 +138,14 @@ void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
      if (verbose)
        fprintf(stderr, "[ERROR] ssh protocol error\n");
      hydra_child_exit(2);
+      break;
    case 4:
      ssh_disconnect(session);
      ssh_finalize();
      ssh_free(session);
      fprintf(stderr, "[ERROR] ssh target does not support password auth\n");
      hydra_child_exit(2);
+      break;
    default:
      ssh_disconnect(session);
      ssh_finalize();
@ -155,8 +162,8 @@ void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
 #endif

 //
-// dirty workaround here: miscptr is the ptr to the logins, and the first one is used
-// to test if password authentication is enabled!!
+// dirty workaround here: miscptr is the ptr to the logins, and the first one is
+// used to test if password authentication is enabled!!
 //
 int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
  // called before the childrens are forked off, so this is the function
@ -172,10 +179,13 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc
  //   3 skip target because its unreachable
 #ifdef LIBSSH
  int32_t rc, method;
+  ssh_init();
  ssh_session session = ssh_new();

  if (verbose || debug)
-    printf("[INFO] Testing if password authentication is supported by ssh://%s@%s:%d\n", miscptr == NULL ? "hydra" : miscptr, hydra_address2string_beautiful(ip), port);
+    printf("[INFO] Testing if password authentication is supported by "
+           "ssh://%s@%s:%d\n",
+           miscptr == NULL ? "hydra" : miscptr, hydra_address2string_beautiful(ip), port);
  ssh_options_set(session, SSH_OPTIONS_PORT, &port);
  ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip));
  if (miscptr == NULL)
@ -185,6 +195,9 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc
  ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &hydra_options.waittime);
  ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none");
  ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none");
+  // might be better to add the legacy (first two for KEX and HOST) to the default instead of specifying the full list
+  ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256");
+  ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256");
  if (ssh_connect(session) != 0) {
    fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d - %s\n", hydra_address2string_beautiful(ip), port, ssh_get_error(session));
    return 2;
@ -195,19 +208,28 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc
  ssh_finalize();
  ssh_free(session);

-  if (debug) printf("[DEBUG] SSH method check: %08x\n", method);
+  if (debug)
+    printf("[DEBUG] SSH method check: %08x\n", method);

  if ((method & SSH_AUTH_METHOD_INTERACTIVE) || (method & SSH_AUTH_METHOD_PASSWORD)) {
    if (verbose || debug)
-      printf("[INFO] Successful, password authentication is supported by ssh://%s:%d\n", hydra_address2string_beautiful(ip), port);
+      printf("[INFO] Successful, password authentication is supported by "
+             "ssh://%s:%d\n",
+             hydra_address2string_beautiful(ip), port);
    return 0;
  } else if (method == 0) {
    if (verbose || debug)
-      fprintf(stderr, "[WARNING] invalid SSH method reply from ssh://%s:%d, continuing anyway ... (check for empty password!)\n", hydra_address2string_beautiful(ip), port);
+      fprintf(stderr,
+              "[WARNING] invalid SSH method reply from ssh://%s:%d, continuing "
+              "anyway ... (check for empty password!)\n",
+              hydra_address2string_beautiful(ip), port);
    return 0;
  }

-  fprintf(stderr, "[ERROR] target ssh://%s:%d/ does not support password authentication (method reply %d).\n", hydra_address2string_beautiful(ip), port, method);
+  fprintf(stderr,
+          "[ERROR] target ssh://%s:%d/ does not support password "
+          "authentication (method reply %d).\n",
+          hydra_address2string_beautiful(ip), port, method);
  return 1;
 #else
  return 0;
--- a/hydra-sshkey.c
+++ b/hydra-sshkey.c
@ -8,9 +8,7 @@

 #include "hydra-mod.h"
 #ifndef LIBSSH
-void dummy_sshkey() {
-  printf("\n");
-}
+void dummy_sshkey() { printf("\n"); }
 #else

 #include <libssh/libssh.h>
@ -18,6 +16,7 @@ void dummy_sshkey() {
 #if LIBSSH_VERSION_MAJOR >= 0 && LIBSSH_VERSION_MINOR >= 4

 extern ssh_session session;
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 extern int32_t new_session;

@ -35,8 +34,9 @@ int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, c
  if (new_session) {
    if (session) {
      ssh_disconnect(session);
-      ssh_finalize();
      ssh_free(session);
+    } else {
+      ssh_init();
    }

    session = ssh_new();
@ -118,24 +118,29 @@ void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr,
    switch (run) {
    case 1: /* connect and service init function */
      next_run = start_sshkey(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
      break;
    case 2:
      ssh_disconnect(session);
      ssh_finalize();
      ssh_free(session);
      hydra_child_exit(0);
+      break;
    case 3:
      ssh_disconnect(session);
      ssh_finalize();
      ssh_free(session);
      fprintf(stderr, "[ERROR] ssh protocol error\n");
      hydra_child_exit(2);
+      break;
    case 4:
      ssh_disconnect(session);
      ssh_finalize();
      ssh_free(session);
      fprintf(stderr, "[ERROR] ssh target does not support pubkey auth\n");
      hydra_child_exit(2);
+      break;
    default:
      ssh_disconnect(session);
      ssh_finalize();
@ -166,8 +171,10 @@ int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *m
 }

 void usage_sshkey(const char *service) {
-  printf("Module sshkey does not provide additional options, although the semantic for\n"
+  printf("Module sshkey does not provide additional options, although the "
+         "semantic for\n"
         "options -p and -P is changed:\n"
         "  -p expects a path to an unencrypted private key in PEM format.\n"
-         "  -P expects a filename containing a list of path to some unencrypted\n" "     private keys in PEM format.\n\n");
+         "  -P expects a filename containing a list of path to some unencrypted\n"
+         "     private keys in PEM format.\n\n");
 }
--- a/hydra-svn.c
+++ b/hydra-svn.c
@ -4,34 +4,40 @@
 #ifdef LIBSVN

 /* needed on openSUSE */
+#ifndef _GNU_SOURCE
 #define _GNU_SOURCE
+#endif
+
+#if !defined PATH_MAX && defined HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif

 #include <svn_client.h>
 #include <svn_cmdline.h>
-#include <svn_pools.h>
 #include <svn_config.h>
 #include <svn_fs.h>
+#include <svn_pools.h>
+#include <svn_version.h>
+#if SVN_VER_MINOR > 7
 #include <svn_path.h>
+#endif

 #endif

 #include "hydra-mod.h"

 #ifndef LIBSVN
-void dummy_svn() {
-  printf("\n");
-}
+void dummy_svn() { printf("\n"); }
 #else

 extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);

+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;

 #define DEFAULT_BRANCH "trunk"

-static svn_error_t *print_dirdummy(void *baton, const char *path, const svn_dirent_t * dirent, const svn_lock_t * lock, const char *abs_path, apr_pool_t * pool) {
-  return SVN_NO_ERROR;
-}
+static svn_error_t *print_dirdummy(void *baton, const char *path, const svn_dirent_t *dirent, const svn_lock_t *lock, const char *abs_path, apr_pool_t *pool) { return SVN_NO_ERROR; }

 static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t **cred, void *baton, const char *realm, const char *username, svn_boolean_t may_save, apr_pool_t *pool) {
  char *empty = "";
@ -54,7 +60,9 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char
  // int32_t ipv6 = 0;
  char URL[1024];
  char URLBRANCH[256];
+#if SVN_VER_MINOR > 7
  const char *canonical;
+#endif
  apr_pool_t *pool;
  svn_error_t *err;
  svn_opt_revision_t revision;
@ -83,7 +91,11 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char
    return 4;
  }

+#if SVN_VER_MINOR > 7
  if ((err = svn_client_create_context2(&ctx, NULL, pool))) {
+#else
+  if ((err = svn_client_create_context(&ctx, pool))) {
+#endif
    svn_pool_destroy(pool);
    svn_handle_error2(err, stderr, FALSE, "hydra: ");
    return 4;
@ -107,8 +119,15 @@ int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char
  revision.kind = svn_opt_revision_head;
  snprintf(URL, sizeof(URL), "svn://%s:%d/%s", hydra_address2string_beautiful(ip), port, URLBRANCH);
  dirents = SVN_DIRENT_KIND;
+#if SVN_VER_MINOR > 9
+  canonical = svn_uri_canonicalize(URL, pool);
+  err = svn_client_list4(canonical, &revision, &revision, NULL, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t)print_dirdummy, NULL, ctx, pool);
+#elif SVN_VER_MINOR > 7
  canonical = svn_uri_canonicalize(URL, pool);
  err = svn_client_list3(canonical, &revision, &revision, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t)print_dirdummy, NULL, ctx, pool);
+#else
+err = svn_client_list2(URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool);
+#endif

  svn_pool_destroy(pool);

@ -179,6 +198,8 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
      break;
    case 2:
      next_run = start_svn(sock, ip, port, options, miscptr, fp);
+      if ((next_run == 1 || next_run == 2) && hydra_options.conwait)
+        sleep(hydra_options.conwait);
      break;
    case 3:
      if (sock >= 0)
@ -187,7 +208,8 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
      return;
    default:
      if (!verbose)
-        hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose option for more details\n");
+        hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose "
+                             "option for more details\n");
      hydra_child_exit(0);
    }
    run = next_run;
@ -207,9 +229,18 @@ int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *misc
  //   0 all OK
  //   -1  error, hydra will exit, so print a good error message here

+#ifdef LIBSVN
+  if (verbose)
+    hydra_report(stderr, "[VERBOSE] detected subversion library v%d.%d\n", SVN_VER_MAJOR, SVN_VER_MINOR);
+  if (SVN_VER_MAJOR != 1 && SVN_VER_MINOR >= 5) {
+    hydra_report(stderr, "[ERROR] unsupported subversion library v%d.%d, exiting!\n", SVN_VER_MAJOR, SVN_VER_MINOR);
+    return -1;
+  }
+#endif
  return 0;
 }

 void usage_svn(const char *service) {
-  printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n");
+  printf("Module svn is optionally taking the repository name to attack, "
+         "default is \"trunk\"\n\n");
 }
--- a/hydra-teamspeak.c
+++ b/hydra-teamspeak.c
@ -36,7 +36,6 @@ struct team_speak {
 extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);

 extern char *HYDRA_EXIT;
-char *buf;

 int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
  char *empty = "";
--- a/hydra-telnet.c
+++ b/hydra-telnet.c
@ -36,7 +36,7 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c
    if ((buf = hydra_receive_line(s)) == NULL)
      return 1;

-    if (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL) {
+    if (strchr(buf, '/') != NULL || strchr(buf, '>') != NULL || strchr(buf, '%') != NULL || strchr(buf, '$') != NULL || strchr(buf, '#') != NULL) {
      hydra_report_found_host(port, ip, "telnet", fp);
      hydra_completed_pair_found();
      free(buf);
@ -75,18 +75,40 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c
  }

  /*win7 answering with do terminal type = 0xfd 0x18 */
-  while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) {
-    if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL &&
-          strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL &&
-          (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL ||
-          index(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) {
+  while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "password:") == NULL || strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) {
+    if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && strstr(buf, "invalid") == NULL && strstr(buf, "incorrect") == NULL && strstr(buf, "bad ") == NULL && (strchr(buf, '/') != NULL || strchr(buf, '>') != NULL || strchr(buf, '$') != NULL || strchr(buf, '#') != NULL || strchr(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) {
      hydra_report_found_host(port, ip, "telnet", fp);
      hydra_completed_pair_found();
      free(buf);
      if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
        return 3;
      return 1;
+    } else if (buf && strstr(buf, "assword:")) {
+      hydra_completed_pair();
+      // printf("password prompt\n");
+      free(buf);
+      if (strlen(pass = hydra_get_next_password()) == 0)
+        pass = empty;
+      sprintf(buffer, "%s\r", pass);
+      if (no_line_mode) {
+        for (i = 0; i < strlen(buffer); i++) {
+          if (strcmp(&buffer[i], "\r") == 0) {
+            send(s, "\r\0", 2, 0);
+          } else {
+            send(s, &buffer[i], 1, 0);
          }
+          usleepn(20);
+        }
+      } else {
+        if (hydra_send(s, buffer, strlen(buffer) + 1, 0) < 0) {
+          return 1;
+        }
+      }
+    } else if (buf && strstr(buf, "login:")) {
+      free(buf);
+      hydra_completed_pair();
+      return 2;
+    } else
      free(buf);
  }

@ -220,5 +242,7 @@ int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *m

 void usage_telnet(const char *service) {
  printf("Module telnet is optionally taking the string which is displayed after\n"
-         "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n");
+         "a successful login (case insensitive), use if the default in the "
+         "telnet\n"
+         "module produces too many false positives\n\n");
 }
--- a/hydra-time.c
+++ b/hydra-time.c
@ -2,8 +2,7 @@

 #ifndef _WIN32
 #include <time.h>
-int32_t sleepn(time_t seconds)
-{
+int32_t sleepn(time_t seconds) {
  struct timespec ts;
  ts.tv_sec = seconds;
  ts.tv_nsec = 0;
@ -19,13 +18,7 @@ int32_t usleepn(uint64_t milisec) {
 #else

 #include <windows.h>
-int32_t sleepn(uint32_t seconds) 
-{
- return SleepEx(milisec*1000,TRUE);
-}
+int32_t sleepn(uint32_t seconds) { return SleepEx(milisec * 1000, TRUE); }

-int32_t usleepn(uint32_t milisec) 
-{
- return SleepEx(milisec,TRUE);
-}
+int32_t usleepn(uint32_t milisec) { return SleepEx(milisec, TRUE); }
 #endif
--- a/hydra-vmauthd.c
+++ b/hydra-vmauthd.c
@ -5,7 +5,6 @@

 #include "hydra-mod.h"

-
 extern char *HYDRA_EXIT;

 char *buf;
@ -99,7 +98,8 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr,
      // fprintf(stderr, "%s\n",buf);
      // 220 VMware Authentication Daemon Version 1.00
      // 220 VMware Authentication Daemon Version 1.10: SSL Required
-//220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC ,
+      // 220 VMware Authentication Daemon Version 1.10: SSL Required,
+      // ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC ,

      if (buf == NULL || strstr(buf, "220 VMware Authentication Daemon Version ") == NULL) {
        /* check the first line */
@ -108,7 +108,10 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr,
        hydra_child_exit(2);
      }
      if ((strstr(buf, "Version 1.00") == NULL) && (strstr(buf, "Version 1.10") == NULL)) {
-        hydra_report(stderr, "[ERROR] this vmware authd protocol is not supported, please report: %s\n", buf);
+        hydra_report(stderr,
+                     "[ERROR] this vmware authd protocol is not supported, "
+                     "please report: %s\n",
+                     buf);
        free(buf);
        hydra_child_exit(2);
      }
@ -134,6 +137,7 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr,
      if (sock >= 0)
        sock = hydra_disconnect(sock);
      hydra_child_exit(0);
+      break;
    default:
      hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
      hydra_child_exit(2);
--- a/hydra-vnc.c
+++ b/hydra-vnc.c
@ -5,8 +5,8 @@
 *
 */

-#include "hydra-mod.h"
 #include "d3des.h"
+#include "hydra-mod.h"

 #define CHALLENGESIZE 16

@ -19,7 +19,7 @@ int32_t vnc_client_version = RFB33;
 int32_t failed_auth = 0;

 extern char *HYDRA_EXIT;
-char *buf;
+static char *buf;

 /*
 * Encrypt CHALLENGESIZE bytes in memory using a password.
@ -75,8 +75,9 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char
  // supported security type
  switch (buf2[3]) {
  case 0x0:
-    hydra_report(stderr, "[ERROR] VNC server told us to quit %c\n", buf[3]);
+    hydra_report(stderr, "[ERROR] VNC server told us to quit %c\n", buf2[3]);
    hydra_child_exit(0);
+    break;
  case 0x1:
    hydra_report(fp, "VNC server does not require authentication.\n");
    if (fp != stdout)
@ -84,6 +85,7 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char
    hydra_report_found_host(port, ip, "vnc", fp);
    hydra_completed_pair_found();
    hydra_child_exit(2);
+    break;
  case 0x2:
    // VNC security type supported is the only type supported for now
    if (vnc_client_version == RFB37) {
@ -108,7 +110,7 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char
    }
    break;
  default:
-    hydra_report(stderr, "[ERROR] unknown VNC security type\n");
+    hydra_report(stderr, "[ERROR] unknown VNC security type 0x%x\n", buf2[3]);
    hydra_child_exit(2);
  }

@ -179,14 +181,16 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
      }
      if (strstr(buf, " security failures") != NULL) { /* check the first line */
        /*
-           VNC has a 'blacklisting' scheme that blocks an IP address after five unsuccessful connection attempts.
-           The IP address is initially blocked for ten seconds,
-           but this doubles for each unsuccessful attempt thereafter.
-           A successful connection from an IP address resets the blacklist timeout.
-           This is built in to VNC Server and does not rely on operating system support.
+           VNC has a 'blacklisting' scheme that blocks an IP address after five
+           unsuccessful connection attempts. The IP address is initially blocked
+           for ten seconds, but this doubles for each unsuccessful attempt
+           thereafter. A successful connection from an IP address resets the
+           blacklist timeout. This is built in to VNC Server and does not rely
+           on operating system support.
         */
        failed_auth++;
-        hydra_report(stderr, "VNC server reported too many authentication failures, have to wait some seconds ...\n");
+        hydra_report(stderr, "VNC server reported too many authentication "
+                             "failures, have to wait some seconds ...\n");
        sleep(12 * failed_auth);
        free(buf);
        next_run = 1;
@ -194,8 +198,9 @@ void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
      }
      if (verbose)
        hydra_report(stderr, "[VERBOSE] Server banner is %s\n", buf);
-      if (((strstr(buf, "RFB 004.001") != NULL) || (strstr(buf, "RFB 003.007") != NULL) || (strstr(buf, "RFB 003.008") != NULL))) {
-        //using proto version 003.008 to talk to server 004.001 same for 3.7 and 3.8
+      if (((strstr(buf, "RFB 005.000") != NULL) || (strstr(buf, "RFB 004") != NULL) || (strstr(buf, "RFB 003.007") != NULL) || (strstr(buf, "RFB 003.008") != NULL))) {
+        // using proto version 003.007 to talk to server 005.xxx and 004.xxx
+        // same for 3.7 and 3.8
        vnc_client_version = RFB37;
        free(buf);
        buf = strdup("RFB 003.007\n");
--- a/hydra-wizard.sh
+++ b/hydra-wizard.sh
@ -33,10 +33,10 @@ test -e "$pass" && passs="-P $pass"
 test -e "$pass" || passs="-p $pass"
 test -n "$port" && ports="-s $port"
 test -n "$pw" && pws="-e $pw"
-test -n "$opt" && opts="-m '$opt'"
+test -n "$opt" && { opts="-m $opt" ; dopts="-m '$opt'" ; }

 echo The following command will be executed now:
-echo " hydra $users $passs -u $pws $ports $opts $targets $service"
+echo " hydra $users $passs -u $pws $ports $dopts $targets $service"
 echo
 read -p "Do you want to run the command now? [Y/n] " yn
 test "$yn" = "n" -o "$yn" = "N" && { echo Exiting. ; exit 0 ; }
--- a/hydra-xmpp.c
+++ b/hydra-xmpp.c
@ -9,10 +9,11 @@ static char *domain = NULL;
 int32_t xmpp_auth_mechanism = AUTH_ERROR;

 char *JABBER_CLIENT_INIT_STR = "<?xml version='1.0' ?><stream:stream to='";
-char *JABBER_CLIENT_INIT_END_STR = "' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>";
+char *JABBER_CLIENT_INIT_END_STR = "' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' "
+                                   "version='1.0'>";

 int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
-  char *empty = "\"\"";
+  char *empty = "\"\"", *result = NULL;
  char *login, *pass, buffer[500], buffer2[500];
  char *AUTH_STR = "<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='";
  char *AUTH_STR_END = "'/>";
@ -120,24 +121,26 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha
          }
        }
      }
-      }
-      break;
+    } break;
 #ifdef LIBOPENSSL
    case AUTH_PLAIN: {
      memset(buffer2, 0, sizeof(buffer));
-        sasl_plain(buffer2, login, pass);
+      result = sasl_plain(buffer2, login, pass);
+      if (result == NULL)
+        return 3;
      sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
      if (debug)
        hydra_report(stderr, "DEBUG C: %s\n", buffer);

-      }
-      break;
+    } break;
    case AUTH_CRAMMD5: {
      int32_t rc = 0;
      char *preplogin;

      memset(buffer2, 0, sizeof(buffer2));
-        sasl_cram_md5(buffer2, pass, buffer);
+      result = sasl_cram_md5(buffer2, pass, buffer);
+      if (result == NULL)
+        return 3;

      rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin);
      if (rc) {
@ -153,13 +156,12 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha
      strncpy(buffer, buffer2, sizeof(buffer) - 1);
      buffer[sizeof(buffer) - 1] = '\0';
      free(preplogin);
-      }
-      break;
+    } break;
    case AUTH_DIGESTMD5: {
      memset(buffer2, 0, sizeof(buffer2));
      fooptr = buffer2;
-        sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL);
-        if (fooptr == NULL) {
+      result = sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL);
+      if (result == NULL) {
        free(buf);
        return 3;
      }
@ -167,8 +169,7 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha
        hydra_report(stderr, "DEBUG C: %s\n", buffer2);
      hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
      snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR);
-      }
-      break;
+    } break;
    case AUTH_SCRAMSHA1: {
      /*client-first-message */
      char clientfirstmessagebare[200];
@ -220,8 +221,8 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha

        memset(buffer2, 0, sizeof(buffer2));
        fooptr = buffer2;
-          sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage);
-          if (fooptr == NULL) {
+        result = sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage);
+        if (result == NULL) {
          hydra_report(stderr, "[ERROR] Can't compute client response\n");
          free(buf);
          return 1;
@ -234,8 +235,7 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha
        free(buf);
        return 1;
      }
-      }
-      break;
+    } break;
 #endif
      ptr = 0;
    }
@ -249,8 +249,9 @@ int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, cha
    if (buf == NULL)
      return 1;

-    //we test the challenge tag as digest-md5 when connected is sending "rspauth" value
-    //so if we are receiving a second challenge we assume the auth is good
+    // we test the challenge tag as digest-md5 when connected is sending
+    // "rspauth" value so if we are receiving a second challenge we assume the
+    // auth is good

    if ((strstr(buf, "<success") != NULL) || (strstr(buf, "<challenge ") != NULL)) {
      hydra_report_found_host(port, ip, "xmpp", fp);
@ -284,14 +285,16 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha
  int32_t myport = PORT_XMPP, mysslport = PORT_XMPP_SSL, disable_tls = 0;
  char *enddomain = NULL;

-  //we have to pass the target here as the reverse dns resolution is not working for some servers
-  //try to extract only the domain name from the target
-  //so for o.nimbuzz.com will get nimbuzz.com
-  //and hermes.jabber.org will get jabber.org
+  // we have to pass the target here as the reverse dns resolution is not
+  // working for some servers try to extract only the domain name from the
+  // target so for o.nimbuzz.com will get nimbuzz.com and hermes.jabber.org will
+  // get jabber.org

  domain = strchr(target, '.');
  if (!domain) {
-    hydra_report(stderr, "[ERROR] can't extract the domain name, you have to specify a fqdn xmpp server, the domain name will be used in the jabber init request\n");
+    hydra_report(stderr, "[ERROR] can't extract the domain name, you have to "
+                         "specify a fqdn xmpp server, the domain name will be "
+                         "used in the jabber init request\n");
    hydra_child_exit(1);
  }

@ -351,7 +354,11 @@ void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, cha

        if (strstr(buf, "<stream:error")) {
          if (strstr(buf, "<host-unknown"))
-            hydra_report(stderr, "[ERROR] %s host unknown, you have to specify a fqdn xmpp server, the domain name will be used in the jabber init request : %s\n", domain, buf);
+            hydra_report(stderr,
+                         "[ERROR] %s host unknown, you have to specify a fqdn "
+                         "xmpp server, the domain name will be used in the "
+                         "jabber init request : %s\n",
+                         domain, buf);
          else
            hydra_report(stderr, "[ERROR] xmpp protocol : %s\n", buf);
          free(buf);
@ -502,5 +509,6 @@ int32_t service_xmpp_init(char *ip, int32_t sp, unsigned char options, char *mis
 void usage_xmpp(const char *service) {
  printf("Module xmpp is optionally taking one authentication type of:\n"
         "  LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n"
-         "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n");
+         "Note, the target passed should be a fdqn as the value is used in the "
+         "Jabber init request, example: hermes.jabber.org\n\n");
 }
--- a/hydra.1
+++ b/hydra.1
@ -1,4 +1,4 @@
-.TH "HYDRA" "1" "01/01/2019"
+.TH "HYDRA" "1" "01/01/2023"
 .SH NAME
 hydra \- a very fast network logon cracker which supports many different services
 .SH SYNOPSIS
--- a/hydra.c
+++ b/hydra.c
--- a/hydra.h
+++ b/hydra.h
@ -3,31 +3,37 @@
 #include <stdio.h>
 #ifdef __sun
 #include <sys/int_types.h>
-#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX)
+#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) || defined(__APPLE__)
 #include <inttypes.h>
 #else
 #include <stdint.h>
 #endif
-#include <string.h>
-#include <stdarg.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <string.h>
-#include <strings.h>
-#include <time.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
+
+#if defined(_INTTYPES_H) || defined(__CLANG_INTTYPES_H)
+#define hPRIu64 PRIu64
+#else
+#define hPRIu64 "lu"
+#endif
+
+#include <arpa/inet.h>
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
 #include <netdb.h>
 #include <netinet/in.h>
-#include <arpa/inet.h>
-#include <fcntl.h>
-#include <ctype.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <strings.h>
 #include <sys/resource.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/types.h>
 #include <sys/wait.h>
-#include <errno.h>
+#include <time.h>
+#include <unistd.h>

 #ifdef HAVE_OPENSSL
 #define HYDRA_SSL
@ -95,6 +101,8 @@
 #define PORT_MYSQL_SSL 3306
 #define PORT_MSSQL 1433
 #define PORT_MSSQL_SSL 1433
+#define PORT_COBALTSTRIKE 50050
+#define PORT_COBALTSTRIKE_SSL 50050
 #define PORT_POSTGRES 5432
 #define PORT_POSTGRES_SSL 5432
 #define PORT_ORACLE 1521
@ -165,22 +173,9 @@
 int32_t usleepn(uint32_t useconds);
 #endif

-typedef enum {
-  MODE_PASSWORD_LIST = 1,
-  MODE_LOGIN_LIST = 2,
-  MODE_PASSWORD_BRUTE = 4,
-  MODE_PASSWORD_REVERSE = 8,
-  MODE_PASSWORD_NULL = 16,
-  MODE_PASSWORD_SAME = 32,
-  MODE_COLON_FILE = 64
-} hydra_mode_t;
+typedef enum { MODE_PASSWORD_LIST = 1, MODE_LOGIN_LIST = 2, MODE_PASSWORD_BRUTE = 4, MODE_PASSWORD_REVERSE = 8, MODE_PASSWORD_NULL = 16, MODE_PASSWORD_SAME = 32, MODE_COLON_FILE = 64 } hydra_mode_t;

-typedef enum {
-  FORMAT_PLAIN_TEXT,
-  FORMAT_JSONV1,
-  FORMAT_JSONV2,
-  FORMAT_XMLV1
-} output_format_t;
+typedef enum { FORMAT_PLAIN_TEXT, FORMAT_JSONV1, FORMAT_JSONV2, FORMAT_XMLV1 } output_format_t;

 typedef struct {
  hydra_mode_t mode;
@ -199,6 +194,7 @@ typedef struct {
  int32_t cidr;
  int32_t time_next_attempt;
  output_format_t outfile_format;
+  char *distributed; // Use distributed computing by splitting user files on the fly
  char *login;
  char *loginfile;
  char *pass;
@ -213,6 +209,7 @@ typedef struct {
  char *server;
  char *service;
  char bfg;
+  int32_t skip_redo;
 } hydra_option;

 #define _HYDRA_H
--- a/libpq-fe.h
+++ b/libpq-fe.h
@ -197,8 +197,7 @@ extern "C" {
 extern PGconn *PQconnectdb(const char *conninfo);
 extern PGconn *PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions, const char *pgtty, const char *dbName, const char *login, const char *pwd);

-#define PQsetdb(M_PGHOST,M_PGPORT,M_PGOPT,M_PGTTY,M_DBNAME)  \
-	PQsetdbLogin(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME, NULL, NULL)
+#define PQsetdb(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME) PQsetdbLogin(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME, NULL, NULL)

 /* close the current connection and free the PGconn data structure */
 extern void PQfinish(PGconn *conn);
@ -263,19 +262,13 @@ extern "C" {

 /* Simple synchronous query */
 extern PGresult *PQexec(PGconn *conn, const char *query);
-  extern PGresult *PQexecParams(PGconn * conn,
-                                const char *command,
-                                int32_t nParams, const Oid * paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
-  extern PGresult *PQexecPrepared(PGconn * conn,
-                                  const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
+extern PGresult *PQexecParams(PGconn *conn, const char *command, int32_t nParams, const Oid *paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
+extern PGresult *PQexecPrepared(PGconn *conn, const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);

 /* Interface for multiple-result or asynchronous queries */
 extern int32_t PQsendQuery(PGconn *conn, const char *query);
-  extern int32_t PQsendQueryParams(PGconn * conn,
-                               const char *command,
-                               int32_t nParams, const Oid * paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
-  extern int32_t PQsendQueryPrepared(PGconn * conn,
-                                 const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
+extern int32_t PQsendQueryParams(PGconn *conn, const char *command, int32_t nParams, const Oid *paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
+extern int32_t PQsendQueryPrepared(PGconn *conn, const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat);
 extern PGresult *PQgetResult(PGconn *conn);

 /* Routines for managing an asynchronous query */
@ -350,38 +343,31 @@ extern "C" {
 */
 extern PGresult *PQmakeEmptyPGresult(PGconn *conn, ExecStatusType status);

-
 /* Quoting strings before inclusion in queries. */
 extern size_t PQescapeString(char *to, const char *from, size_t length);
 extern unsigned char *PQescapeBytea(const unsigned char *bintext, size_t binlen, size_t *bytealen);
 extern unsigned char *PQunescapeBytea(const unsigned char *strtext, size_t *retbuflen);

-
-
 /* === in fe-print.c === */

-  extern void
-    PQprint(FILE * fout,        /* output stream */
+extern void PQprint(FILE *fout,                                 /* output stream */
                    const PGresult *res, const PQprintOpt *ps); /* option structure */

 /*
 * really old printing routines
 */
-  extern void
-    PQdisplayTuples(const PGresult * res, FILE * fp,    /* where to send the output */
+extern void PQdisplayTuples(const PGresult *res, FILE *fp, /* where to send the output */
                            int32_t fillAlign,             /* pad the fields with spaces */
                            const char *fieldSep,          /* field separator */
                            int32_t printHeader,           /* display headers? */
                            int32_t quiet);

-  extern void
-    PQprintTuples(const PGresult * res, FILE * fout,    /* output stream */
+extern void PQprintTuples(const PGresult *res, FILE *fout, /* output stream */
                          int32_t printAttName,            /* print attribute names */
                          int32_t terseOutput,             /* delimiter bars */
                          int32_t width);                  /* width of column, if 0, use variable
                                                            * width */

-
 /* === in fe-lobj.c === */

 /* Large-object access routines */
--- a/Show more
+++ b/Show more