Merge pull request #1021 from lhywk/fix/null-check-start_redis

Fix Add NULL check to prevent NULL pointer dereference in start_redis( )

.github/workflows/release.yml

@@ -0,0 +1,38 @@
+name: release
+
+on:
+  push:
+    branches: [master, main]
+    tags-ignore: ['**']
+    paths-ignore: [README, TODO, PROBLEMS]
+  pull_request:
+    paths-ignore: [README, TODO, PROBLEMS]
+
+jobs:
+  docker-image:
+    name: Build the docker image
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: docker/setup-qemu-action@v2
+
+      - uses: docker/setup-buildx-action@v2
+
+      - uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - uses: gacts/github-slug@v1 # Action page: <https://github.com/gacts/github-slug>
+        id: slug
+
+      - uses: docker/build-push-action@v3 # Action page: <https://github.com/docker/build-push-action>
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          platforms: linux/amd64, linux/arm64
+#         ,linux/arm/v6, linux/arm/v7
+          tags: vanhauser/hydra:latest
+        

CHANGES

@@ -1,6 +1,27 @@
 Changelog for hydra
 -------------------
 
+Release 9.5
+* many modules did not support -W (all those that used a library for the
+  connection). All (or most?) should be fixed now.
+* http-form:
+  - The help for http-form was wrong. the condition variable must always be
+    the *last* parameter, not the third
+  - Proxy support was not working correctly
+* smb2: fix for updated libsmb2 which resulted in correct guessing attempts
+  not being detected
+* smtp: break early if the server does not allow authentication
+* rdp: detect more return codes that say a user is disabled etc.
+
+
+Release 9.4
+* Switched from pcre/pcre3 to pcre2 as pcre/pcre3 will be dropped from Debian
+* Small fix for weird RTSP servers
+* Added "2=" optional parameter to http-post-form module to tell hydra that
+  a "302" HTTP return code means success
+* replaced wait3 with waitpid for better compatability
+
+
 Release 9.3
 * support Xcode compilation
 * new module: cobaltstrike by ultimaiiii, thank you!

Dockerfile

@@ -0,0 +1,77 @@
+FROM debian:bookworm-slim
+
+ARG HYDRA_VERSION="github"
+
+LABEL \
+    org.opencontainers.image.url="https://github.com/vanhauser-thc/thc-hydra" \
+    org.opencontainers.image.source="https://github.com/vanhauser-thc/thc-hydra" \
+    org.opencontainers.image.version="$HYDRA_VERSION" \
+    org.opencontainers.image.vendor="vanhauser-thc" \
+    org.opencontainers.image.title="hydra" \
+    org.opencontainers.image.licenses="GNU AFFERO GENERAL PUBLIC LICENSE"
+
+COPY . /src
+
+RUN set -x \
+    && apt-get update \
+    && apt-get -y install \
+        #libmysqlclient-dev \
+        default-libmysqlclient-dev \
+        libgpg-error-dev \
+        #libmemcached-dev \
+        #libgcrypt11-dev \
+        libgcrypt-dev \
+        #libgcrypt20-dev \
+        #libgtk2.0-dev \
+        libpcre3-dev \
+        #firebird-dev \
+        libidn11-dev \
+        libssh-dev \
+        #libsvn-dev \
+        libssl-dev \
+        #libpq-dev \
+        make \
+        curl \
+        gcc \
+        1>/dev/null \
+    # The next line fixes the curl "SSL certificate problem: unable to get local issuer certificate" for linux/arm
+    && c_rehash
+
+# Get hydra sources and compile
+RUN cd /src \
+        && make clean \
+        && ./configure \
+        && make \
+        && make install
+
+# Make clean
+RUN apt-get purge -y make gcc \
+    && apt-get autoremove -y \
+    && rm -rf /var/lib/apt/lists/* \
+    && rm -rf /src
+
+# Verify hydra installation
+RUN hydra -h || error_code=$? \
+    && if [ ! "${error_code}" -eq 255 ]; then echo "Wrong exit code for 'hydra help' command"; exit 1; fi \
+    # Unprivileged user creation
+    && echo 'hydra:x:10001:10001::/tmp:/sbin/nologin' > /etc/passwd \
+    && echo 'hydra:x:10001:' > /etc/group
+
+ARG INCLUDE_SECLISTS="true"
+
+RUN set -x \
+    && if [ "${INCLUDE_SECLISTS}" = "true" ]; then \
+        mkdir /tmp/seclists \
+        && curl -SL "https://api.github.com/repos/danielmiessler/SecLists/tarball" -o /tmp/seclists/src.tar.gz \
+        && tar xzf /tmp/seclists/src.tar.gz -C /tmp/seclists \
+        && mv /tmp/seclists/*SecLists*/Passwords /opt/passwords \
+        && mv /tmp/seclists/*SecLists*/Usernames /opt/usernames \
+        && chmod -R u+r /opt/passwords /opt/usernames \
+        && rm -Rf /tmp/seclists \
+        && ls -la /opt/passwords /opt/usernames \
+    ;fi
+
+# Use an unprivileged user
+USER 10001:10001
+
+ENTRYPOINT ["hydra"]

INSTALL

@@ -24,5 +24,5 @@ https://wiki.termux.com/wiki/Graphical_Environment
 
 
 For the Oracle login module, install the basic and SDK packages:
- http://www.oracle.com/technetwork/database/features/instant-client/index.html
+ https://www.oracle.com/database/technologies/instant-client/downloads.html
 

LICENSE

@@ -1,12 +1,7 @@
-[see the end of the file for the special exception for linking with OpenSSL
- - debian people need this]
-
-
-
                     GNU AFFERO GENERAL PUBLIC LICENSE
                        Version 3, 19 November 2007
 
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
@@ -638,8 +633,8 @@ the "copyright" line and a pointer to where the full notice is found.
     Copyright (C) <year>  <name of author>
 
     This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU Affero General Public License as published by
+    it under the terms of the GNU Affero General Public License as published
-    the Free Software Foundation, either version 3 of the License, or
+    by the Free Software Foundation, either version 3 of the License, or
     (at your option) any later version.
 
     This program is distributed in the hope that it will be useful,
@@ -648,7 +643,7 @@ the "copyright" line and a pointer to where the full notice is found.
     GNU Affero General Public License for more details.
 
     You should have received a copy of the GNU Affero General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 Also add information on how to contact you by electronic and paper mail.
 
@@ -663,21 +658,4 @@ specific requirements.
   You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
 For more information on this, and how to apply and follow the GNU AGPL, see
-<http://www.gnu.org/licenses/>.
+<https://www.gnu.org/licenses/>.
-
-
-Special Exception
-
- * In addition, as a special exception, the copyright holders give
- * permission to link the code of portions of this program with the
- * OpenSSL library under certain conditions as described in each
- * individual source file, and distribute linked combinations
- * including the two.
- * You must obey the GNU Affero General Public License in all respects
- * for all of the code used other than OpenSSL.  If you modify
- * file(s) with this exception, you may extend this exception to your
- * version of the file(s), but you are not obligated to do so.  If you
- * do not wish to do so, delete this exception statement from your
- * version.  If you delete this exception statement from all source
- * files in the program, then also delete it here.
-

Makefile.am

@@ -1,10 +1,11 @@
 #
-# Makefile for Hydra - (c) 2001-2022 by van Hauser / THC <vh@thc.org>
+# Makefile for Hydra - (c) 2001-2023 by van Hauser / THC <vh@thc.org>
 #
 WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations  -Wmissing-declarations
 WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align
 CFLAGS ?= -g
-OPTS=-I. -O3 $(CFLAGS) -fcommon
+OPTS=-I. -O3 $(CFLAGS) -fcommon -Wno-deprecated-declarations
+CPPFLAGS += -D_GNU_SOURCE
 # -Wall -g -pedantic
 LIBS=-lm
 DESTDIR ?=

README

@@ -1,7 +1,7 @@
 
 				  H Y D R A
 
-                      (c) 2001-2022 by van Hauser / THC
+                      (c) 2001-2023 by van Hauser / THC
              <vh@thc.org> https://github.com/vanhauser-thc/thc-hydra
        many modules were written by David (dot) Maciejak @ gmail (dot) com
                  BFG code by Jan Dlabal <dlabaljan@gmail.com>
@@ -14,6 +14,13 @@
        in these organizations do not care for laws and ethics anyways.
             You are not one of the "good" ones if you ignore this.)
 
+           NOTE: no this is not meant to be a markdown doc! old school!
+
+
+Hydra in the most current github state can be directly downloaded via docker:
+```
+docker pull vanhauser/hydra
+```
 
 
 INTRODUCTION
@@ -61,6 +68,10 @@ repository is at Github:
 Use the development version at your own risk. It contains new features and
 new bugs. Things might not work!
 
+Alternatively (and easier) to can pull it as a docker container:
+```
+docker pull vanhauser/hydra
+```
 
 
 HOW TO COMPILE
@@ -85,7 +96,7 @@ for a few optional modules (note that some might not be available on your distri
 apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
                  libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
                  firebird-dev libmemcached-dev libgpg-error-dev \
-                 libgcrypt11-dev libgcrypt20-dev
+                 libgcrypt11-dev libgcrypt20-dev freetds-dev
 ```
 
 This enables all optional modules and features with the exception of Oracle,
@@ -256,6 +267,7 @@ Examples:
 -x 1:3:a generate passwords from length 1 to 3 with all lowercase letters
 -x 2:5:/ generate passwords from length 2 to 5 containing only slashes
 -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers
+-x '3:3:aA1&~#\\ "\'<{([-|_^@)]=}>$%*?./§,;:!`' -v generates length 3 passwords with all 95 characters, and verbose. 
 ```
 
 Example:

configure

@@ -185,6 +185,32 @@ else
    echo "                                ... zlib not found, gzip support disabled"
 fi
 
+echo "Checking for sybdb (sybdb.h) ..."
+for i in $INCDIRS; do
+   if [ -f "$i/sybdb.h" ]; then
+	HAVE_SYBDB="y"
+   fi
+done
+
+if [ -n "$HAVE_SYBDB" ]; then
+   echo "                                ... found"
+else
+   echo "                                ... sybdb not found, MSSQL module will lack TDSv7 support"
+fi
+
+echo "Checking for sybfront (sybfront.h) ..."
+for i in $INCDIRS; do
+   if [ -f "$i/sybfront.h" ]; then
+	HAVE_SYBFRONT="y"
+   fi
+done
+
+if [ -n "$HAVE_SYBFRONT" ]; then
+   echo "                                ... found"
+else
+   echo "                                ... sybfront not found, MSSQL module will lack TDSv7 support"
+fi
+
 echo "Checking for openssl (libssl/libcrypto/ssl.h/sha.h) ..."
 if [ "X" != "X$DEBUG" ]; then
    echo DEBUG: SSL_LIB=$LIBDIRS `ls -d /*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib 2> /dev/null`
@@ -380,21 +406,21 @@ if [ "X" = "X$CURSES_PATH" -o "X" = "X$CURSES_IPATH" ]; then
     CURSES_IPATH=""
 fi
 
-echo "Checking for pcre (libpcre/pcre.h) ..."
+echo "Checking for pcre2 (libpcre/pcre.h) ..."
 for i in $LIBDIRS ; do
     if [ "X" = "X$PCRE_PATH" ]; then
-        if [ -f "$i/libpcre.so" -o -f "$i/libpcre.dylib" -o -f "$i/libpcre.a"   ]; then
+        if [ -f "$i/libpcre2-8.so" -o -f "$i/libpcre2-8.dylib" -o -f "$i/libpcre2-8.a"   ]; then
             PCRE_PATH="$i"
         fi
     fi
     if [ "X" = "X$PCRE_PATH" ]; then
-        TMP_LIB=`/bin/ls $i/libpcre.so* 2> /dev/null | grep libpcre.`
+        TMP_LIB=`/bin/ls $i/libpcre2*.so* 2> /dev/null | grep libpcre.`
         if [ -n "$TMP_LIB" ]; then
           PCRE_PATH="$i"
         fi
     fi
     if [ "X" = "X$PCRE_PATH" ]; then
-        TMP_LIB=`/bin/ls $i/libpcre.dll* 2> /dev/null | grep libpcre.`
+        TMP_LIB=`/bin/ls $i/libpcre2*.dll* 2> /dev/null | grep libpcre.`
         if [ -n "$TMP_LIB" ]; then
           PCRE_PATH="$i"
         fi
@@ -402,14 +428,14 @@ for i in $LIBDIRS ; do
 done
 for i in $INCDIRS ; do
     if [ "X" != "X$PCRE_PATH" ]; then
-        if [ -f "$i/pcre.h" ]; then
+        if [ -f "$i/pcre2.h" ]; then
             PCRE_IPATH="$i"
         fi
     fi
 done
 if [ "X" != "X$DEBUG" ]; then
    echo DEBUG: PCRE_PATH=$PCRE_PATH/libpcre
-   echo DEBUG: PCRE_IPATH=$PCRE_IPATH/pcre.h
+   echo DEBUG: PCRE_IPATH=$PCRE_IPATH/pcre2.h
 fi
 if [ -n "$PCRE_PATH" -a -n "$PCRE_IPATH" ]; then
     echo "                                    ... found"
@@ -966,7 +992,7 @@ if [ -n "$ORACLE_PATH" -a -n "$ORACLE_IPATH" ]; then
 fi
 if [ "X" = "X$ORACLE_PATH" -o "X" = "X$ORACLE_IPATH" ]; then
     echo "                                                            ... NOT found, module Oracle disabled"
-    echo "Get basic and sdk package from http://www.oracle.com/technetwork/database/features/instant-client/index.html"
+    echo "Get basic and sdk package from https://www.oracle.com/database/technologies/instant-client/downloads.html"
     ORACLE_PATH=""
     ORACLE_IPATH=""
 fi
@@ -1356,7 +1382,7 @@ echo "Checking for Android specialities ..."
 TMPC=comptest$$
 STRRCHR=" not"
 echo '#include <stdio.h>' > $TMPC.c
-echo '#include <strings.h>' >> $TMPC.c
+echo '#include <string.h>' >> $TMPC.c
 echo "int main() { char *x = strrchr(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c
 $CC -o $TMPC $TMPC.c > /dev/null 2>&1
 test -x $TMPC && STRRCHR=""
@@ -1496,6 +1522,12 @@ fi
 if [ -n "$RSA" ]; then
     XDEFINES="$XDEFINES -DNO_RSA_LEGACY"
 fi
+if [ -n "$HAVE_SYBDB" ]; then
+    XDEFINES="$XDEFINES -DHAVE_SYBDB"
+fi
+if [ -n "$HAVE_SYBFRONT" ]; then
+    XDEFINES="$XDEFINES -DHAVE_SYBFRONT"
+fi
 if [ -n "$HAVE_ZLIB" ]; then
     XDEFINES="$XDEFINES -DHAVE_ZLIB"
 fi
@@ -1627,6 +1659,9 @@ fi
 if [ -n "$HAVE_ZLIB" ]; then
     XLIBS="$XLIBS -lz"
 fi
+if [ -n "$HAVE_SYBDB" ]; then
+    XLIBS="$XLIBS -lsybdb"
+fi
 if [ -n "$CURSES_PATH" ]; then
     XLIBS="$XLIBS -lcurses"
 fi
@@ -1649,7 +1684,7 @@ if [ -n "$IDN_PATH" ]; then
     XLIBS="$XLIBS -lidn"
 fi
 if [ -n "$PCRE_PATH" ]; then
-    XLIBS="$XLIBS -lpcre"
+    XLIBS="$XLIBS -lpcre2-8"
 fi
 if [ -n "$MYSQL_PATH" ]; then
     XLIBS="$XLIBS -lmysqlclient"

hydra-firebird.c

@@ -22,6 +22,7 @@ void dummy_firebird() { printf("\n"); }
 
 #define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb"
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 
 int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
@@ -124,6 +125,8 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr
        */
 
       next_run = start_firebird(sock, ip, port, options, miscptr, fp);
+      if ((next_run == 1 || next_run == 2) && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 3:
 

hydra-ftp.c

@@ -26,8 +26,10 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char
     if (verbose)
       printf("[INFO] user %s does not exist, skipping\n", login);
     hydra_completed_pair_skip();
-    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
+      free(buf);
       return 4;
+    }
     free(buf);
     return 1;
   }
@@ -35,8 +37,10 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char
   if (buf[0] == '2') {
     hydra_report_found_host(port, ip, "ftp", fp);
     hydra_completed_pair_found();
-    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
+      free(buf);
       return 4;
+    }
     free(buf);
     return 1;
   }
@@ -61,8 +65,10 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char
   if (buf[0] == '2') {
     hydra_report_found_host(port, ip, "ftp", fp);
     hydra_completed_pair_found();
-    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
+      free(buf);
       return 4;
+    }
     free(buf);
     return 1;
   }

hydra-gtk/configure

@@ -2391,7 +2391,7 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   for ac_declaration in \
-   '' \
+   '#include <stdlib.h>' \
    'extern "C" void std::exit (int) throw (); using std::exit;' \
    'extern "C" void std::exit (int); using std::exit;' \
    'extern "C" void exit (int) throw ();' \
@@ -3192,7 +3192,7 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   for ac_declaration in \
-   '' \
+   '#include <stdlib.h>' \
    'extern "C" void std::exit (int) throw (); using std::exit;' \
    'extern "C" void std::exit (int); using std::exit;' \
    'extern "C" void exit (int) throw ();' \
@@ -3797,8 +3797,8 @@ main ()
   for (i = 0; i < 256; i++)
     if (XOR (islower (i), ISLOWER (i))
 	|| toupper (i) != TOUPPER (i))
-      exit(2);
+      return 2;
-  exit (0);
+  return 0;
 }
 _ACEOF
 rm -f conftest$ac_exeext

hydra-gtk/src/main.c

@@ -17,6 +17,8 @@
 char *hydra_path1 = "./hydra";
 char *hydra_path2 = "/usr/local/bin/hydra";
 char *hydra_path3 = "/usr/bin/hydra";
+char *hydra_path4 = "/data/data/com.termux/files/usr/bin/hydra";
+char *hydra_path5 = "/data/data/com.termux/files/usr/local/bin/hydra";
 
 GtkWidget *wndMain;
 char *HYDRA_BIN;
@@ -53,6 +55,10 @@ int main(int argc, char *argv[]) {
     HYDRA_BIN = hydra_path2;
   } else if (g_file_test(hydra_path3, G_FILE_TEST_IS_EXECUTABLE)) {
     HYDRA_BIN = hydra_path3;
+  } else if (g_file_test(hydra_path4, G_FILE_TEST_IS_EXECUTABLE)) {
+    HYDRA_BIN = hydra_path4;
+  } else if (g_file_test(hydra_path5, G_FILE_TEST_IS_EXECUTABLE)) {
+    HYDRA_BIN = hydra_path5;
   } else {
     g_error("Please tell me where hydra is, use --hydra-path\n");
     return -1;

hydra-http-form.c

@@ -20,33 +20,23 @@ Here's a couple of examples: -
 ./hydra -S -s 443 -l "<username>" -P pass.txt 10.221.64.2 https-get-form
 "/irmlab1/vulnapp.php:username=^USER^&pass=^PASS^:incorrect"
 
-The option field (following the service field) takes three ":" separated
+The option field (following the service field) takes ":" separated values:
-values and an optional fourth value, the first is the page on the server
+The first is the page on the server to GET or POST to.
-to GET or POST to, the second is the POST/GET variables (taken from either
+The second is the POST/GET variables (taken from either the browser, or a proxy
-the browser, or a proxy such as PAROS) with the varying usernames and passwords
+such as ZAP) with the varying usernames and passwords in the "^USER^" and
-in the "^USER^" and "^PASS^" placeholders, the third is the string that it
+"^PASS^" placeholders.
-checks for an *invalid* or *valid* login - any exception to this is counted
+The third + are optional parameters like C=, H= etc. (see below)
-as a success.
+The final(!) parameter is the string that it checks for an *invalid* or *valid*
+login
 So please:
  * invalid condition login should be preceded by "F="
  * valid condition login should be preceded by "S=".
-By default, if no header is found the condition is assume to be a fail,
+By default, if no header is found the condition is assume to be a fail (F=),
-so checking for *invalid* login.
+so checking for an *invalid* login string.
-The fourth optional value, can be a 'C' to define a different page to GET
-initial cookies from.
 
-If you specify the verbose flag (-v) it will show you the response from the
+If you specify the debug flag (-d) it will show you the response from the
 HTTP server which is useful for checking the result of a failed login to
-find something to pattern match against.
+find something to pattern match against. This should be done together with -t 1.
-
-Module initially written by Phil Robinson, IRM Plc (releases@irmplc.com),
-rewritten by David Maciejak
-
-Fix and issue with strtok use and implement 1 step location follow if HTTP
-3xx code is returned (david dot maciejak at gmail dot com)
-
-Added fail or success condition, getting cookies, and allow 5 redirections by
-david
 
 */
 
@@ -75,6 +65,9 @@ typedef struct cookie_node {
 int32_t success_cond = 0;
 int32_t getcookie = 1;
 int32_t auth_flag = 0;
+int32_t code_302_is_success = 0;
+int32_t code_401_is_failure = 0;
+int32_t multipart_mode = 0;
 
 char cookie[4096] = "", cmiscptr[1024];
 
@@ -259,7 +252,7 @@ int32_t add_header(ptr_header_node *ptr_head, char *header, char *value, char ty
   ptr_header_node existing_hdr, new_ptr;
 
   if (!header || !value || !strlen(header) || !strlen(value))
-    return;
+    return 0;
 
   // get to the last header
   for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next)
@@ -323,10 +316,15 @@ void hdrrep(ptr_header_node *ptr_head, char *oldvalue, char *newvalue) {
 
   for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) {
     if ((cur_ptr->type == HEADER_TYPE_USERHEADER || cur_ptr->type == HEADER_TYPE_USERHEADER_REPL) && strstr(cur_ptr->value, oldvalue)) {
-      cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(newvalue) + 1);
+      size_t oldlen = strlen(oldvalue);
-      if (cur_ptr->value)
+      size_t newlen = strlen(newvalue);
-        strcpy(cur_ptr->value, newvalue);
+      if (oldlen != newlen)
-      else {
+        cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(cur_ptr->value) - oldlen + newlen + 1);
+      if (cur_ptr->value) {
+        char *p = strstr(cur_ptr->value, oldvalue);
+        memmove(p + newlen, p + oldlen, strlen(p + oldlen) + 1);
+        memcpy(p, newvalue, newlen);
+      } else {
         hydra_report(stderr, "[ERROR] Out of memory (hddrep).\n");
         hydra_child_exit(0);
       }
@@ -393,7 +391,7 @@ char *stringify_headers(ptr_header_node *ptr_head) {
 }
 
 int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
-  char *ptr, *ptr2;
+  char *ptr, *ptr2, *tmp;
 
   if (miscptr == NULL)
     return 1;
@@ -403,7 +401,7 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
    * Beware of the backslashes (\)!
    */
   while (*miscptr != 0) {
-    if (strlen(miscptr) < 3 || miscptr[1] != '=') {
+    if (strlen(miscptr) < 2 || miscptr[1] != '=') {
       hydra_report(stderr, "[ERROR] optional parameters must have the format X=value: %s\n", miscptr);
       return 0;
     }
@@ -441,6 +439,31 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
       sprintf(cookieurl, "%.1000s", hydra_strrep(miscptr + 2, "\\:", ":"));
       miscptr = ptr;
       break;
+    case '1':
+      code_401_is_failure = 1;
+      tmp = strchr(miscptr, ':');
+      if (tmp)
+        miscptr = tmp + 1;
+      else
+        miscptr += strlen(miscptr);
+      break;
+    case '2':
+      code_302_is_success = 1;
+      tmp = strchr(miscptr, ':');
+      if (tmp)
+        miscptr = tmp + 1;
+      else
+        miscptr += strlen(miscptr);
+      break;
+      case 'm': // fall through
+      case 'M':
+      multipart_mode = 1;
+      tmp = strchr(miscptr, ':');
+      if (tmp)
+        miscptr = tmp + 1;
+      else
+        miscptr += strlen(miscptr);
+      break;
     case 'g': // fall through
     case 'G':
       ptr = miscptr + 2;
@@ -519,6 +542,97 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
   return 1;
 }
 
+char *build_multipart_body(char *multipart_boundary) {
+  if (!variables)
+      return NULL;
+
+  char *body = NULL;
+  size_t body_size = 0;
+
+  // Duplicate "variables" for tokenizing
+  char *vars_dup = strdup(variables);
+  if (!vars_dup)
+      return NULL;
+
+  // Tokenize the string using '&' as a delimiter
+  char *pair = strtok(vars_dup, "&");
+  while (pair != NULL) {
+      // Find the '=' separator in each pair
+      char *equal_sign = strchr(pair, '=');
+      if (!equal_sign) {
+          pair = strtok(NULL, "&");
+          continue;
+      }
+      *equal_sign = '\0';
+      char *key = pair;
+      char *value = equal_sign + 1;
+
+      // Build the multipart section for the field
+      int section_len = snprintf(NULL, 0,
+          "--%s\r\n"
+          "Content-Disposition: form-data; name=\"%s\"\r\n"
+          "\r\n"
+          "%s\r\n",
+          multipart_boundary, key, value);
+          
+      char *section = malloc(section_len + 1);
+      if (!section) {
+          free(body);
+          free(vars_dup);
+          return NULL;
+      }
+      snprintf(section, section_len + 1,
+          "--%s\r\n"
+          "Content-Disposition: form-data; name=\"%s\"\r\n"
+          "\r\n"
+          "%s\r\n",
+          multipart_boundary, key, value);
+
+      // Reallocate the body buffer to add this section
+      size_t new_body_size = body_size + section_len;
+      char *new_body = realloc(body, new_body_size + 1); // +1 for null terminator
+      if (!new_body) {
+          free(section);
+          free(body);
+          free(vars_dup);
+          return NULL;
+      }
+      body = new_body;
+      if (body_size == 0)
+          strcpy(body, section);
+      else
+          strcat(body, section);
+      body_size = new_body_size;
+      free(section);
+
+      pair = strtok(NULL, "&");
+  }
+  free(vars_dup);
+
+  // Append the closing boundary: --<boundary>--\r\n
+  int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary);
+  char *closing = malloc(closing_len + 1);
+  if (!closing) {
+      free(body);
+      return NULL;
+  }
+  snprintf(closing, closing_len + 1, "--%s--\r\n", multipart_boundary);
+  
+  size_t final_size = body_size + closing_len;
+  char *final_body = realloc(body, final_size + 1);
+  if (!final_body) {
+      free(closing);
+      free(body);
+      return NULL;
+  }
+  body = final_body;
+  strcat(body, closing);
+  free(closing);
+
+  return body;
+}
+
+
 char *prepare_http_request(char *type, char *path, char *params, char *headers) {
   uint32_t reqlen = 0;
   char *http_request = NULL;
@@ -727,7 +841,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
   char *http_request = NULL;
   int32_t found = !success_cond, i, j;
   char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH];
-
+  char content_type[256];
   memset(header, 0, sizeof(header));
   cookie[0] = 0; // reset cookies from potential previous attempt
 
@@ -747,11 +861,24 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
   clogin[sizeof(clogin) - 1] = 0;
   strncpy(cpass, html_encode(pass), sizeof(cpass) - 1);
   cpass[sizeof(cpass) - 1] = 0;
-  upd3variables = hydra_strrep(variables, "^USER^", clogin);
+
+  if (multipart_mode) {
+    snprintf(content_type, sizeof(content_type), "multipart/form-data; boundary=----THC-HydraBoundaryz2Z2z");
+    char *multipart_body = build_multipart_body("----THC-HydraBoundaryz2Z2z");
+    upd3variables = multipart_body;
+
+}else{
+    snprintf(content_type, sizeof(content_type), "application/x-www-form-urlencoded");
+    upd3variables = variables;
+}
+
+    upd3variables = hydra_strrep(upd3variables, "^USER^", clogin);
     upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass);
     upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login);
     upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass);
 
+  
+
   // Replace the user/pass placeholders in the user-supplied headers
   hdrrep(&ptr_head, "^USER^", clogin);
   hdrrep(&ptr_head, "^PASS^", cpass);
@@ -762,7 +889,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
   if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) {
     if (getcookie) {
       memset(proxy_string, 0, sizeof(proxy_string));
-      snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl);
+      snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl);
       if (http_request != NULL)
         free(http_request);
       http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request);
@@ -776,14 +903,14 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
     // now prepare for the "real" request
     if (strcmp(type, "POST") == 0) {
       memset(proxy_string, 0, sizeof(proxy_string));
-      snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url);
+      snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url);
       snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables));
       if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
         hdrrepv(&ptr_head, "Content-Length", content_length);
       else
         add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
       if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
-        add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
+          add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT);
       if (cookie_header != NULL)
         free(cookie_header);
       cookie_header = stringify_cookies(ptr_cookie);
@@ -797,8 +924,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
       if (http_request != NULL)
         free(http_request);
       http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request);
-      if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
+      if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
+        free(cookie_header);
         return 1;
+      }
     } else {
       if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
         hdrrepv(&ptr_head, "Content-Length", "0");
@@ -815,16 +944,18 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
       if (http_request != NULL)
         free(http_request);
       http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request);
-      if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
+      if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
+        free(cookie_header);
         return 1;
       }
+    }
   } else {
     if (use_proxy == 1) {
       // proxy without authentication
       if (getcookie) {
         // doing a GET to get cookies
         memset(proxy_string, 0, sizeof(proxy_string));
-        snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl);
+        snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl);
         if (http_request != NULL)
           free(http_request);
         http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request);
@@ -838,14 +969,14 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
       // now prepare for the "real" request
       if (strcmp(type, "POST") == 0) {
         memset(proxy_string, 0, sizeof(proxy_string));
-        snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url);
+        snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url);
         snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables));
         if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
           hdrrepv(&ptr_head, "Content-Length", content_length);
         else
           add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
         if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
-          add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
+          add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT);
         if (cookie_header != NULL)
           free(cookie_header);
         cookie_header = stringify_cookies(ptr_cookie);
@@ -859,8 +990,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
         if (http_request != NULL)
           free(http_request);
         http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request);
-        if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
+        if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
+          free(cookie_header);
           return 1;
+        }
       } else {
         if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
           hdrrepv(&ptr_head, "Content-Length", "0");
@@ -877,9 +1010,11 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
         if (http_request != NULL)
           free(http_request);
         http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request);
-        if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
+        if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
+          free(cookie_header);
           return 1;
         }
+      }
     } else {
       // direct web server, no proxy
       normal_request = NULL;
@@ -908,7 +1043,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
         else
           add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
         if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
-          add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
+          add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT);
         if (cookie_header != NULL)
           free(cookie_header);
         cookie_header = stringify_cookies(ptr_cookie);
@@ -922,8 +1057,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
         if (http_request != NULL)
           free(http_request);
         http_request = prepare_http_request("POST", url, upd3variables, normal_request);
-        if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
+        if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
+          free(cookie_header);
           return 1;
+        }
       } else {
         if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
           hdrrepv(&ptr_head, "Content-Length", "0");
@@ -940,23 +1077,34 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
         if (http_request != NULL)
           free(http_request);
         http_request = prepare_http_request("GET", url, upd3variables, normal_request);
-        if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
+        if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
+          free(cookie_header);
           return 1;
         }
       }
     }
+  }
 
   if (debug)
     hydra_report_debug(stdout, "HTTP request sent:\n%s\n", http_request);
 
   found = analyze_server_response(s);
 
-  if (auth_flag) { // we received a 401 error - user is using wrong module
+  if (redirected_flag && code_302_is_success) {
+    found = success_cond;
+  }
+
+  if (auth_flag) { // we received a 401 error - user may be using wrong module
+    if (code_401_is_failure) { // apparently they don't think so  -- treat 401 as failure
+      hydra_completed_pair();
+      return 1;
+    } else {
       hydra_report(stderr,
-                 "[ERROR] the target is using HTTP auth, not a web form, received HTTP "
+                   "[ERROR] received HTTP error code 401. The target may be using HTTP auth, "
-                 "error code 401. Use module \"http%s-get\" instead.\n",
+                   "not a web form.  Use module \"http%s-get\" instead, or set \"1=\".\n",
                    (options & OPTION_SSL) > 0 ? "s" : "");
-    return 4;
+      return 2;
+    }
   }
 
   if (strlen(cookie) > 0)
@@ -967,12 +1115,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
   if (debug)
     printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff);
 
-  while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) {
+  while (found == 0 && redirected_flag && !code_302_is_success && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) {
     // we have to split the location
     char *startloc, *endloc;
-    char str[2048];
+    char str[2048], str2[2048], str3[2048], str4[2048];
-    char str2[2048];
-    char str3[2048];
 
     redirected_cpt--;
     redirected_flag = 0;
@@ -991,19 +1137,21 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
         startloc += strlen("://");
 
         if ((endloc = strchr(startloc, '\r')) != NULL) {
-          startloc[endloc - startloc] = 0;
+          *endloc = 0;
         }
         if ((endloc = strchr(startloc, '\n')) != NULL) {
-          startloc[endloc - startloc] = 0;
+          *endloc = 0;
         }
-        strcpy(str, startloc);
+        strncpy(str, startloc, sizeof(str) - 1);
+        str[sizeof(str) - 1] = 0;
 
         endloc = strchr(str, '/');
         if (endloc != NULL) {
           strncpy(str2, str, endloc - str);
           str2[endloc - str] = 0;
-        } else
+        } else {
-          strncpy(str2, str, sizeof(str));
+          strcpy(str2, str);
+        }
 
         if (strlen(str) - strlen(str2) == 0) {
           strcpy(str3, "/");
@@ -1012,7 +1160,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
           str3[strlen(str) - strlen(str2)] = 0;
         }
       } else {
-        strncpy(str2, webtarget, sizeof(str2));
+        strncpy(str2, webtarget, sizeof(str2) - 1);
+        str2[sizeof(str2) - 1] = 0;
         if (redirected_url_buff[0] != '/') {
           // it's a relative path, so we have to concatenate it
           // with the path from the first url given
@@ -1028,8 +1177,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
           } else {
             sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff);
           }
-        } else
+        } else {
-          strncpy(str3, redirected_url_buff, sizeof(str3));
+          strncpy(str3, redirected_url_buff, sizeof(str3) - 1);
+          str3[sizeof(str3) - 1] = 0;
+        }
         if (debug)
           hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url);
       }
@@ -1041,12 +1192,13 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
         str3[0] = '/';
       }
 
-      if (strrchr(url, ':') == NULL && port != 80) {
+      if (strrchr(str2, ':') == NULL && (port != 80 || port != 443)) {
-        sprintf(str2, "%.2040s:%d", str2, port);
+        sprintf(str4, "%.2000s:%d", str2, port);
+        strcpy(str2, str4);
       }
 
       if (verbose)
-        hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3);
+        hydra_report(stderr, "[VERBOSE] Page redirected to http[s]://%s%s\n", str2, str3);
 
       if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
         hdrrepv(&ptr_head, "Content-Length", "0");
@@ -1065,7 +1217,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
         // proxy with authentication
         hdrrepv(&ptr_head, "Host", str2);
         memset(proxy_string, 0, sizeof(proxy_string));
-        snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3);
+        snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3);
         if (normal_request != NULL)
           free(normal_request);
         normal_request = stringify_headers(&ptr_head);
@@ -1077,7 +1229,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
           // proxy without authentication
           hdrrepv(&ptr_head, "Host", str2);
           memset(proxy_string, 0, sizeof(proxy_string));
-          snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3);
+          snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3);
           if (normal_request != NULL)
             free(normal_request);
           normal_request = stringify_headers(&ptr_head);
@@ -1098,8 +1250,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
 
       hydra_reconnect(s, ip, port, options, hostname);
 
-      if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
+      if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
+        free(cookie_header);
         return 1;
+      }
 
       found = analyze_server_response(s);
       if (strlen(cookie) > 0)
@@ -1108,7 +1262,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
   }
 
   // if the last status is still 3xx, set it as a false
-  if (found != -1 && found == success_cond && (redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) {
+  if (found != -1 && found == success_cond && ((redirected_flag && code_302_is_success) || redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) {
     hydra_report_found_host(port, ip, "www-form", fp);
     hydra_completed_pair_found();
   } else {
@@ -1273,8 +1427,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
   ptr = ptr2 = NULL;
 
   sprintf(bufferurl, "%.6096s", miscptr);
-  url = bufferurl;
+  ptr = url = bufferurl;
-  ptr = url;
 
   while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\'))
     ptr++;
@@ -1287,39 +1440,41 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
   if (*ptr != 0)
     *ptr++ = 0;
 
-  cond = ptr;
+  optional1 = cond = ptr;
 
-  if ((ptr2 = strchr(ptr, ':')) != NULL) {
+  ptr2 = ptr + strlen(ptr);
+
+  while (ptr2 > ptr && (*ptr2 != ':' || *(ptr2 - 1) == '\\'))
+    ptr2--;
+
+  if (*ptr2 == ':') {
     *ptr2++ = 0;
-    if (*ptr2)
+    cond = ptr2;
-      optional1 = ptr2;
+  }
-    else
+
-      optional1 = NULL;
+  if (optional1 == cond)
-  } else
     optional1 = NULL;
 
   if (strstr(url, "\\:") != NULL) {
-    if ((ptr = malloc(strlen(url))) != NULL) {
+    if ((ptr = malloc(strlen(url) + 1)) != NULL) {
       strcpy(ptr, hydra_strrep(url, "\\:", ":"));
       url = ptr;
     }
   }
   if (strstr(variables, "\\:") != NULL) {
-    if ((ptr = malloc(strlen(variables))) != NULL) {
+    if ((ptr = malloc(strlen(variables) + 1)) != NULL) {
       strcpy(ptr, hydra_strrep(variables, "\\:", ":"));
       variables = ptr;
     }
   }
   if (strstr(cond, "\\:") != NULL) {
-    if ((ptr = malloc(strlen(cond))) != NULL) {
+    if ((ptr = malloc(strlen(cond) + 1)) != NULL) {
       strcpy(ptr, hydra_strrep(cond, "\\:", ":"));
       cond = ptr;
     }
   }
 
-  // printf("ptr: %s  ptr2: %s  cond: %s  url: %s  variables: %s  optional1:
+  // printf("ptr: %s  ptr2: %s  cond: %s  url: %s  variables: %s  optional1: %s\n", ptr, ptr2, cond, url, variables, optional1 == NULL ? "null" : optional1);
-  // %s\n", ptr, ptr2, cond, url, variables, optional1 == NULL ? "null" :
-  // optional1);
 
   if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */)
     hydra_child_exit(2);
@@ -1343,8 +1498,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
     success_cond = 0;
   }
 
-  // printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s
+  // printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond);
-  // (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond);
 
   /*
    * Parse the user-supplied options.
@@ -1417,27 +1571,29 @@ void usage_http_form(const char *service) {
          "redirections in\n"
          "a row. It always gathers a new cookie from the same URL without "
          "variables\n"
-         "The parameters take three \":\" separated values, plus optional "
+         "The parameters requires at a minimum three \":\" separated values,\n"
-         "values.\n"
+         "plus optional values.\n"
          "(Note: if you need a colon in the option string as value, escape it "
          "with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n"
-         "\nSyntax:   <url>:<form parameters>:<condition "
+         "\nSyntax: <url>:<form parameters>[:<optional>[:<optional>]:<condition string>\n"
-         "string>[:<optional>[:<optional>]\n"
+         "\nFirst is the page on the server to GET or POST to (URL), e.g. \"/login\".\n"
-         "First is the page on the server to GET or POST to (URL).\n"
+         "Second is the POST/GET variables (taken from either the browser, proxy, etc.)\n"
-         "Second is the POST/GET variables (taken from either the browser, proxy, "
+         " without the initial '?' character and the usernames and passwords being\n"
-         "etc.\n"
+         " replaced with \"^USER^\" (\"^USER64^\" for base64 encodings) and \"^PASS^\"\n"
-         " with url-encoded (resp. base64-encoded) usernames and passwords being "
+         " (\"^PASS64^\" for base64 encodings).\n"
-         "replaced in the\n"
+         "Third are optional parameters (see below)\n"
-         " \"^USER^\" (resp. \"^USER64^\") and \"^PASS^\" (resp. \"^PASS64^\") "
+         "Last is the string that it checks for an *invalid* login (by default).\n"
-         "placeholders (FORM PARAMETERS)\n"
+         " Invalid condition login check can be preceded by \"F=\", successful condition\n"
-         "Third is the string that it checks for an *invalid* login (by default)\n"
-         " Invalid condition login check can be preceded by \"F=\", successful "
-         "condition\n"
          " login check must be preceded by \"S=\".\n"
-         " This is where most people get it wrong. You have to check the webapp "
+         " This is where most people get it wrong! You have to check the webapp what a\n"
-         "what a\n"
+         " failed string looks like and put it in this parameter! Add the -d switch to see\n"
-         " failed string looks like and put it in this parameter!\n"
+         " the sent/received data!\n"
-         "The following parameters are optional:\n"
+         " Note that using invalid login condition checks can result in false positives!\n"
+         "\nThe following parameters are optional and are put between the form parameters\n"
+         "and the condition string; seperate them too with colons:\n"
+         " 1=                  401 error response is interpreted as user/pass wrong\n"
+         " 2=                  302 page forward return codes identify a successful attempt\n"
+         " M=                  attack forms that use multipart format\n"
          " (c|C)=/page/uri     to define a different page to gather initial "
          "cookies from\n"
          " (g|G)=              skip pre-requests - only use this when no pre-cookies are required\n"
@@ -1451,25 +1607,29 @@ void usage_http_form(const char *service) {
          "exists, by the\n"
          "                 one supplied by the user, or add the header at the "
          "end\n"
-         "Note that if you are going to put colons (:) in your headers you should "
+         "\nNote that if you are going to put colons (:) in your headers you should escape\n"
-         "escape them with a backslash (\\).\n"
+         "them with a backslash (\\). All colons that are not option separators should be\n"
-         " All colons that are not option separators should be escaped (see the "
+         "escaped (see the examples above and below).\n"
-         "examples above and below).\n"
+         "You can specify a header without escaping the colons, but that way you will not\n"
-         " You can specify a header without escaping the colons, but that way you "
+         "be able to put colons in the header value itself, as they will be interpreted by\n"
-         "will not be able to put colons\n"
+         "hydra as option separators.\n"
-         " in the header value itself, as they will be interpreted by hydra as "
-         "option separators.\n"
          "\nExamples:\n"
          " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n"
          " \"/"
-         "login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=authlog=.*"
+         "login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=result="
          "success\"\n"
          " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n"
-         " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic "
+         " \"/:user=^USER&pass=^PASS^:H=Authorization\\: Basic "
          "dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n"
-         " \"/exchweb/bin/auth/"
+         " \"/exchweb/bin/auth/:F=failed"
          "owaauth.dll:destination=http%%3A%%2F%%2F<target>%%2Fexchange&flags=0&"
          "username=<domain>%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:"
-         "reason=:C=/exchweb\"\n",
+         "C=/exchweb\":reason=\n"
+         "To attack multiple targets, you can use the -M option with a file "
+         "containing the targets and their parameters.\n"
+         "Example file content:\n"
+         "  localhost:8443/login:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=401\n"
+         "  localhost:9443/login2:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=302\n"
+         "  ...\n\n",
          service);
 }

hydra-http.c

@@ -451,7 +451,7 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis
       start--;
     memset(start, '\0', condition_len);
     if (debug)
-      hydra_report(stderr, "Modificated options:%s\n", miscptr);
+      hydra_report(stderr, "Modified options:%s\n", miscptr);
   } else {
     if (debug)
       hydra_report(stderr, "Condition not found\n");
@@ -474,6 +474,12 @@ void usage_http(const char *service) {
          "       combination is invalid. Note: this must be the last option "
          "supplied.\n"
          "For example:  \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: "
-         "sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n",
+         "sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n"
+         "To attack multiple targets, you can use the -M option with a file "
+         "containing the targets and their parameters.\n"
+         "Example file content:\n"
+         "  localhost:5000/protected:A=BASIC\n"
+         "  localhost:5002/protected_path:A=NTLM\n"
+         "  ...\n\n",
          service);
 }

hydra-memcached.c

@@ -13,6 +13,7 @@ void dummy_mcached() { printf("\n"); }
 
 extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 
 int mcached_send_com_quit(int32_t sock) {
@@ -117,6 +118,8 @@ void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr,
     switch (run) {
     case 1:
       next_run = start_mcached(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 2:
       hydra_child_exit(0);

hydra-mod.c

@@ -7,7 +7,8 @@
 #include <openssl/ssl.h>
 #endif
 #ifdef HAVE_PCRE
-#include <pcre.h>
+#define PCRE2_CODE_UNIT_WIDTH 8
+#include <pcre2.h>
 #endif
 
 #define MAX_CONNECT_RETRY 1
@@ -661,10 +662,10 @@ char *hydra_get_next_pair() {
     pair[sizeof(pair) - 1] = 0;
     __fck = read(intern_socket, pair, sizeof(pair) - 1);
     // if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR");
-    if (memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0)
+    if (pair[0] == 0 || __fck <= 0)
-      return HYDRA_EXIT;
-    if (pair[0] == 0)
       return HYDRA_EMPTY;
+    if (__fck >= sizeof(HYDRA_EXIT) && memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0)
+      return HYDRA_EXIT;
   }
   return pair;
 }
@@ -1291,19 +1292,23 @@ void hydra_set_srcport(int32_t port) { src_port = port; }
 
 #ifdef HAVE_PCRE
 int32_t hydra_string_match(char *str, const char *regex) {
-  pcre *re = NULL;
+  pcre2_code *re = NULL;
-  int32_t offset_error = 0;
+  int32_t error_code = 0;
-  const char *error = NULL;
+  PCRE2_SIZE error_offset;
   int32_t rc = 0;
 
-  re = pcre_compile(regex, PCRE_CASELESS | PCRE_DOTALL, &error, &offset_error, NULL);
+  re = pcre2_compile(regex, PCRE2_ZERO_TERMINATED, PCRE2_CASELESS | PCRE2_DOTALL, &error_code, &error_offset, NULL);
   if (re == NULL) {
-    fprintf(stderr, "[ERROR] PCRE compilation failed at offset %d: %s\n", offset_error, error);
+    fprintf(stderr, "[ERROR] PCRE compilation failed at offset %d: %d\n", error_offset, error_code);
     return 0;
   }
 
-  rc = pcre_exec(re, NULL, str, strlen(str), 0, 0, NULL, 0);
+  pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(re, NULL);
-  if (rc >= 0) {
+  rc = pcre2_match(re, str, PCRE2_ZERO_TERMINATED, 0, 0, match_data, NULL);
+  pcre2_match_data_free(match_data);
+  pcre2_code_free(re);
+
+  if (rc >= 1) {
     return 1;
   }
   return 0;

hydra-mongodb.c

@@ -14,6 +14,7 @@ void dummy_mongodb() { printf("\n"); }
 
 extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 char *buf;
 
@@ -72,10 +73,17 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options,
   mongoc_log_set_handler(NULL, NULL);
   bson_init(&q);
 
+  if (login[0] == '\0' && pass[0] == '\0') {
+    snprintf(uri, sizeof(uri), "mongodb://%s:%d/?authSource=%s", hydra_address2string(ip), port, miscptr);
+  } else {
     snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s:%d/?authSource=%s", login, pass, hydra_address2string(ip), port, miscptr);
+  }
+
   client = mongoc_client_new(uri);
-  if (!client)
+  if (!client) {
+    hydra_completed_pair_skip();
     return 3;
+  }
 
   mongoc_client_set_appname(client, "hydra");
   collection = mongoc_client_get_collection(client, miscptr, "test");
@@ -90,11 +98,11 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options,
       mongoc_collection_destroy(collection);
       mongoc_client_destroy(client);
       mongoc_cleanup();
-      hydra_completed_pair_skip();
+      hydra_completed_pair();
       if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
         return 3;
       }
-      return 2;
+      return 1;
     }
   }
 
@@ -129,6 +137,8 @@ void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr,
     switch (run) {
     case 1:
       next_run = start_mongodb(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 2:
       hydra_child_exit(0);

hydra-mssql.c

@@ -1,10 +1,14 @@
 #include "hydra-mod.h"
-
-#define MSLEN 30
-
 extern char *HYDRA_EXIT;
 char *buf;
 
+#if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB)
+#include <sybdb.h>
+#include <sybfront.h>
+#endif
+
+#define MSLEN 30
+
 unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00"
                         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
@@ -56,6 +60,7 @@ unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00"
 int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
   char *empty = "";
   char *login, *pass, buffer[1024];
+  char *ipaddr_str = hydra_address2string(ip);
   char ms_login[MSLEN + 1];
   char ms_pass[MSLEN + 1];
   unsigned char len_login, len_pass;
@@ -65,6 +70,42 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch
     login = empty;
   if (strlen(pass = hydra_get_next_password()) == 0)
     pass = empty;
+#if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB)
+  if ((strlen(login) > MSLEN) || (strlen(pass) > MSLEN)){
+
+    DBPROCESS *dbproc;
+    LOGINREC *attempt;
+  
+    attempt = dblogin();
+  
+    DBSETLUSER(attempt, login);
+    DBSETLPWD(attempt, pass);
+  
+    // Connect without specifying a database
+    dbproc = dbopen(attempt, ipaddr_str);  
+  
+    if (dbproc != NULL) {
+      dbclose(dbproc);
+      dbexit();
+      hydra_report_found_host(port, ip, "mssql", fp);
+      hydra_completed_pair_found();
+      if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+        return 2;
+      return 1;
+    }
+  
+    hydra_completed_pair();
+    if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
+      return 2;
+  
+    return 1;
+
+  }
+#else
+  if ((strlen(login) > MSLEN) || (strlen(pass) > MSLEN)){
+    fprintf(stderr,"[WARNING] To crack credentials longer than 30 characters, install freetds and recompile\n");
+  }
+#endif
   if (strlen(login) > MSLEN)
     login[MSLEN - 1] = 0;
   if (strlen(pass) > MSLEN)
@@ -119,6 +160,10 @@ void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, F
   int32_t run = 1, next_run = 1, sock = -1;
   int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL;
 
+  #if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB)
+  dbinit();
+  #endif
+
   hydra_register_socket(sp);
   if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
     return;

hydra-mysql.c

@@ -35,6 +35,7 @@ char *hydra_scramble(char *to, const char *message, const char *password);
 extern int32_t internal__hydra_recv(int32_t socket, char *buf, int32_t length);
 extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 char mysqlsalt[9];
 
@@ -332,6 +333,8 @@ void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, F
       break;
     case 2: /* run the cracking function */
       next_run = start_mysql(sock, ip, port, options, miscptr, fp);
+      if ((next_run == 1 || next_run == 2) && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 3: /* clean exit */
       if (sock >= 0) {

hydra-oracle-listener.c

@@ -19,6 +19,7 @@ void dummy_oracle_listener() { printf("\n"); }
 #include <openssl/des.h>
 #define HASHSIZE 17
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 char *buf;
 unsigned char *hash;
@@ -304,6 +305,8 @@ void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *
       }
       /* run the cracking function */
       next_run = start_oracle_listener(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 3: /* clean exit */
       if (sock >= 0)

hydra-oracle-sid.c

@@ -16,6 +16,7 @@ void dummy_oracle_sid() { printf("\n"); }
 #include <openssl/des.h>
 #define HASHSIZE 16
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 char *buf;
 unsigned char *hash;
@@ -113,6 +114,8 @@ void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscp
       }
       /* run the cracking function */
       next_run = start_oracle_sid(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 3: /* clean exit */
       if (sock >= 0)

hydra-oracle.c

@@ -21,6 +21,7 @@ void dummy_oracle() { printf("\n"); }
 #include <stdbool.h>
 #include <sys/types.h>
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 
 OCIEnv *o_environment;
@@ -165,6 +166,8 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr,
       break;
     case 2:
       next_run = start_oracle(sock, ip, port, options, miscptr, fp);
+      if ((next_run == 1 || next_run == 2) && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 3: /* clean exit */
       if (sock >= 0)

hydra-pop3.c

@@ -109,7 +109,7 @@ char *pop3_read_server_capacity(int32_t sock) {
           buf[strlen(buf) - 1] = 0;
         if (buf[strlen(buf) - 1] == '\r')
           buf[strlen(buf) - 1] = 0;
-        if (*(ptr) == '.' || *(ptr) == '-')
+        if (buf[strlen(buf) - 1] == '.' || *(ptr) == '.' || *(ptr) == '-')
           resp = 1;
       }
     }

hydra-postgres.c

@@ -16,6 +16,7 @@ void dummy_postgres() { printf("\n"); }
 
 #define DEFAULT_DB "template1"
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 
 int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
@@ -40,7 +41,7 @@ int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options,
    *      Building the connection string
    */
 
-  snprintf(connection_string, sizeof(connection_string), "host = '%s' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), database, login, pass);
+  snprintf(connection_string, sizeof(connection_string), "host = '%s' port = '%d' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), port, database, login, pass);
 
   if (verbose)
     hydra_report(stderr, "connection string: %s\n", connection_string);
@@ -99,6 +100,8 @@ void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr
        *      Here we start the password cracking process
        */
       next_run = start_postgres(sock, ip, port, options, miscptr, fp);
+      if ((next_run == 2 || next_run == 1) && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 3:
       if (sock >= 0)

hydra-radmin2.c

@@ -366,6 +366,7 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr,
       hydra_report(stderr, "Error: Child with pid %d terminating, protocol error\n", (int32_t)getpid());
       hydra_child_exit(2);
     }
+    free(msg);
   }
 #endif
 }

hydra-rdp.c

@@ -9,27 +9,37 @@
 
 #include "hydra-mod.h"
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 #ifndef LIBFREERDP
 void dummy_rdp() { printf("\n"); }
 #else
 
 #include <freerdp/freerdp.h>
+#include <freerdp/version.h>
 freerdp *instance = 0;
 BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *password) {
   int32_t err = 0;
 
-  instance->settings->Username = login;
+  rdpSettings* settings = instance->context->settings;
-  instance->settings->Password = password;
+
-  instance->settings->IgnoreCertificate = TRUE;
+  settings->Username = login;
+  settings->Password = password;
+  settings->IgnoreCertificate = TRUE;
   if (password[0] == 0)
-    instance->settings->AuthenticationOnly = FALSE;
+    settings->AuthenticationOnly = FALSE;
   else
-    instance->settings->AuthenticationOnly = TRUE;
+    settings->AuthenticationOnly = TRUE;
-  instance->settings->ServerHostname = server;
+  settings->ServerHostname = server;
-  instance->settings->ServerPort = port;
+  settings->ServerPort = port;
-  instance->settings->Domain = domain;
+  settings->Domain = domain;
-  instance->settings->MaxTimeInCheckLoop = 100;
+
+#if FREERDP_VERSION_MAJOR == 2
+  settings->MaxTimeInCheckLoop = 100;
+#endif
+  // freerdp timeout format is microseconds -> default:15000
+  settings->TcpConnectTimeout = hydra_options.waittime * 1000;
+  settings->TlsSecLevel = 0;
   freerdp_connect(instance);
   err = freerdp_get_last_error(instance->context);
   return err;
@@ -58,7 +68,8 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr,
   }
 
   login_result = rdp_connect(server, port, domain, login, pass);
-  if (debug) hydra_report(stderr, "[DEBUG] rdp reported %08x\n", login_result);
+  if (debug)
+    hydra_report(stderr, "[DEBUG] rdp reported %08x\n", login_result);
   switch (login_result) {
   case 0:
     // login success
@@ -71,6 +82,10 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr,
     // login failure
     hydra_completed_pair();
     break;
+  case 0x0002000f:
+    // login failure
+    hydra_completed_pair_skip();
+    break;
   case 0x0002000d:
     hydra_report(stderr,
                  "[%d][rdp] account on %s might be valid but account not "
@@ -99,6 +114,7 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr,
 void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
   int32_t run = 1, next_run = 1;
   int32_t myport = PORT_RDP;
+  int32_t __first_rdp_connect = 1;
 
   if (port != 0)
     myport = port;
@@ -110,7 +126,13 @@ void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
     next_run = 0;
     switch (run) {
     case 1: /* run the cracking function */
+      if (__first_rdp_connect != 0)
+        __first_rdp_connect = 0;
+      else
+        sleep(hydra_options.conwait);
       next_run = start_rdp(ip, myport, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 2: /* clean exit */
       freerdp_disconnect(instance);

hydra-redis.c

@@ -24,6 +24,11 @@ int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, ch
     return 1;
   }
   buf = hydra_receive_line(s);
+  if (buf == NULL) {
+    hydra_report(stderr, "[ERROR] Failed to receive response from Redis server.\n");
+    return 3;
+  }
+
   if (buf[0] == '+') {
     hydra_report_found_host(port, ip, "redis", fp);
     hydra_completed_pair_found();

hydra-rtsp.c

@@ -6,6 +6,10 @@
 //
 //
 
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+
 #include "hydra-mod.h"
 #include "sasl.h"
 #include <stdio.h>
@@ -16,7 +20,7 @@ char packet[500];
 char packet2[500];
 
 int32_t is_Unauthorized(char *s) {
-  if (strstr(s, "401 Unauthorized") != NULL) {
+  if (strcasestr(s, "401 Unauthorized") != NULL) {
     return 1;
   } else {
     return 0;
@@ -24,7 +28,7 @@ int32_t is_Unauthorized(char *s) {
 }
 
 int32_t is_NotFound(char *s) {
-  if (strstr(s, "404 Stream Not Found") != NULL) {
+  if (strcasestr(s, "404 Stream") != NULL || strcasestr(s, "404 Not") != NULL) {
     return 1;
   } else {
     return 0;
@@ -32,7 +36,7 @@ int32_t is_NotFound(char *s) {
 }
 
 int32_t is_Authorized(char *s) {
-  if (strstr(s, "200 OK") != NULL) {
+  if (strcasestr(s, "200 OK") != NULL) {
     return 1;
   } else {
     return 0;
@@ -40,7 +44,7 @@ int32_t is_Authorized(char *s) {
 }
 
 int32_t use_Basic_Auth(char *s) {
-  if (strstr(s, "WWW-Authenticate: Basic") != NULL) {
+  if (strcasestr(s, "WWW-Authenticate: Basic") != NULL) {
     return 1;
   } else {
     return 0;
@@ -48,7 +52,7 @@ int32_t use_Basic_Auth(char *s) {
 }
 
 int32_t use_Digest_Auth(char *s) {
-  if (strstr(s, "WWW-Authenticate: Digest") != NULL) {
+  if (strcasestr(s, "WWW-Authenticate: Digest") != NULL) {
     return 1;
   } else {
     return 0;
@@ -104,17 +108,6 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha
   } else {
     create_core_packet(1, ip, port);
 
-    if (use_Basic_Auth(lresp) == 1) {
-      free(lresp);
-      sprintf(buffer2, "%.249s:%.249s", login, pass);
-      hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
-
-      sprintf(buffer, "%.500sAuthorization: : Basic %.500s\r\n\r\n", packet2, buffer2);
-
-      if (debug) {
-        hydra_report(stderr, "C:%s\n", buffer);
-      }
-    } else {
     if (use_Digest_Auth(lresp) == 1) {
       char aux[500] = "", dbuf[500] = "", *result = NULL;
       char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest ");
@@ -129,17 +122,23 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha
                            "without OpenSSL/MD5 support\n");
       return 3;
 #endif
-
       if (result == NULL) {
         hydra_report(stderr, "[ERROR] digest generation failed\n");
         return 3;
       }
       sprintf(buffer, "%.500sAuthorization: Digest %.500s\r\n\r\n", packet2, dbuf);
-
+      if (debug)
-        if (debug) {
         hydra_report(stderr, "C:%s\n", buffer);
-        }
+    } else if (use_Basic_Auth(lresp) == 1) {
-      }
+      free(lresp);
+      sprintf(buffer2, "%.249s:%.249s", login, pass);
+      hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
+      sprintf(buffer, "%.500sAuthorization: : Basic %.500s\r\n\r\n", packet2, buffer2);
+      if (debug)
+        hydra_report(stderr, "C:%s\n", buffer);
+    } else {
+      hydra_report(stderr, "[ERROR] unknown authentication protocol\n");
+      return 1;
     }
 
     if (strlen(buffer) == 0) {
@@ -159,7 +158,7 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha
       return 1;
     }
 
-    if ((is_NotFound(lresp))) {
+    if (is_NotFound(lresp) || is_Authorized(lresp)) {
       free(lresp);
       hydra_completed_pair_found();
 

hydra-sapr3.c

@@ -14,6 +14,7 @@ const int32_t *__ctype_b;
 
 extern void flood(); /* for -lm */
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 RFC_ERROR_INFO_EX error_info;
 
@@ -99,6 +100,8 @@ void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, F
     switch (run) {
     case 1: /* connect and service init function */
       next_run = start_sapr3(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 2:
       hydra_child_exit(0);

hydra-smb.c

@@ -1280,8 +1280,8 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char
   } else if (SMBerr == 0x000193) { /* Valid password, account expired  */
     hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, account expired\n", port, ipaddr_str, login);
     hydra_report_found_host(port, ip, "smb", fp);
-    hydra_completed_pair_found();
+    hydra_completed_pair_skip();
-  } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired  */
+  } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, password expired  */
     hydra_report(stdout,
                  "[%d][smb] Host: %s Account: %s Valid password, password "
                  "expired and must be changed on next logon\n",
@@ -1304,14 +1304,13 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char
       hydra_report(stderr, "[INFO] LM dialect may be disabled, try LMV2 instead\n");
     hydra_completed_pair_skip();
   } else if (SMBerr == 0x000024) { /* change password on next login [success] */
-    hydra_report(stdout, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login);
+    hydra_report(stdout, "[%d][smb] Host: %s Account: %s Information: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login);
     hydra_completed_pair_found();
   } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */
     hydra_completed_pair();
   } else if (SMBerr == 0x000071) { /* password expired */
-    if (verbose)
+    hydra_report(stdout, "[%d][smb] Host: %s Account: %s Information: PASSWORD EXPIRED\n", port, ipaddr_str, login);
-      fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: PASSWORD EXPIRED\n", port, ipaddr_str, login);
+    hydra_completed_pair_found();
-    hydra_completed_pair_skip();
   } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled */ /* BF0002 on w2k */
     if (verbose)
       fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_DISABLED\n", port, ipaddr_str, login);

hydra-smb2.c

@@ -27,6 +27,7 @@
 #include <stdio.h>
 #include <string.h>
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 
 typedef struct creds {
@@ -126,6 +127,11 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) {
 
   */
   switch (errno) {
+  case 0:
+    // maybe false positive? unclear ... :( ... needs more testing
+    smbc_free_context(ctx, 1);
+    return true;
+    break;
   case ENOENT:
     // Noticed this when connecting to older samba servers on linux
     // where any credentials are accepted.
@@ -168,10 +174,15 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) {
 }
 
 void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
+  static int first_run = 0;
   hydra_register_socket(sp);
+
   while (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT))) {
     char *login, *pass;
 
+    if (first_run && hydra_options.conwait)
+      sleep(hydra_options.conwait);
+
     login = hydra_get_next_login();
     pass = hydra_get_next_password();
 
@@ -186,6 +197,8 @@ void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
     } else {
       hydra_completed_pair();
     }
+
+    first_run = 1;
   }
   EXIT_NORMAL;
 }

hydra-smtp.c

@@ -61,6 +61,10 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha
       return 1;
     if (strstr(buf, "334") == NULL) {
       hydra_report(stderr, "[ERROR] SMTP PLAIN AUTH : %s\n", buf);
+      if (strstr(buf, "503") != NULL) {
+        free(buf);
+        return 4;
+      }
       free(buf);
       return 3;
     }
@@ -438,6 +442,12 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
       }
       hydra_child_exit(0);
       return;
+    case 4: /* error exit */
+      if (sock >= 0) {
+        sock = hydra_disconnect(sock);
+      }
+      hydra_child_exit(3);
+      return;
     default:
       hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n");
       hydra_child_exit(0);

hydra-ssh.c

@@ -47,6 +47,9 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char
     ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &hydra_options.waittime);
     ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none");
     ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none");
+    // might be better to add the legacy (first two for KEX and HOST) to the default instead of specifying the full list
+    ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256");
+    ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256");
     if (ssh_connect(session) != 0) {
       // if the connection was drop, exit and let hydra main handle it
       if (verbose)
@@ -119,6 +122,8 @@ void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
     switch (run) {
     case 1: /* connect and service init function */
       next_run = start_ssh(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 2:
       ssh_disconnect(session);
@@ -190,6 +195,9 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc
   ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &hydra_options.waittime);
   ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none");
   ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none");
+  // might be better to add the legacy (first two for KEX and HOST) to the default instead of specifying the full list
+  ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256");
+  ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256");
   if (ssh_connect(session) != 0) {
     fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d - %s\n", hydra_address2string_beautiful(ip), port, ssh_get_error(session));
     return 2;

hydra-sshkey.c

@@ -16,6 +16,7 @@ void dummy_sshkey() { printf("\n"); }
 #if LIBSSH_VERSION_MAJOR >= 0 && LIBSSH_VERSION_MINOR >= 4
 
 extern ssh_session session;
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 extern int32_t new_session;
 
@@ -117,6 +118,8 @@ void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr,
     switch (run) {
     case 1: /* connect and service init function */
       next_run = start_sshkey(sock, ip, port, options, miscptr, fp);
+      if (next_run == 1 && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 2:
       ssh_disconnect(session);

hydra-svn.c

@@ -4,7 +4,9 @@
 #ifdef LIBSVN
 
 /* needed on openSUSE */
+#ifndef _GNU_SOURCE
 #define _GNU_SOURCE
+#endif
 
 #if !defined PATH_MAX && defined HAVE_SYS_PARAM_H
 #include <sys/param.h>
@@ -30,6 +32,7 @@ void dummy_svn() { printf("\n"); }
 
 extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
 
+extern hydra_option hydra_options;
 extern char *HYDRA_EXIT;
 
 #define DEFAULT_BRANCH "trunk"
@@ -195,6 +198,8 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
       break;
     case 2:
       next_run = start_svn(sock, ip, port, options, miscptr, fp);
+      if ((next_run == 1 || next_run == 2) && hydra_options.conwait)
+        sleep(hydra_options.conwait);
       break;
     case 3:
       if (sock >= 0)

hydra-wizard.sh

@@ -33,10 +33,10 @@ test -e "$pass" && passs="-P $pass"
 test -e "$pass" || passs="-p $pass"
 test -n "$port" && ports="-s $port"
 test -n "$pw" && pws="-e $pw"
-test -n "$opt" && opts="-m '$opt'"
+test -n "$opt" && { opts="-m $opt" ; dopts="-m '$opt'" ; }
 
 echo The following command will be executed now:
-echo " hydra $users $passs -u $pws $ports $opts $targets $service"
+echo " hydra $users $passs -u $pws $ports $dopts $targets $service"
 echo
 read -p "Do you want to run the command now? [Y/n] " yn
 test "$yn" = "n" -o "$yn" = "N" && { echo Exiting. ; exit 0 ; }

hydra.1

@@ -1,4 +1,4 @@
-.TH "HYDRA" "1" "01/01/2022"
+.TH "HYDRA" "1" "01/01/2023"
 .SH NAME
 hydra \- a very fast network logon cracker which supports many different services
 .SH SYNOPSIS

hydra.c

@@ -1,5 +1,5 @@
 /*
- * hydra (c) 2001-2022 by van Hauser / THC <vh@thc.org>
+ * hydra (c) 2001-2023 by van Hauser / THC <vh@thc.org>
  * https://github.com/vanhauser-thc/thc-hydra
  *
  * Parallized network login hacker.
@@ -228,7 +228,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs fire
 #define RESTOREFILE "./hydra.restore"
 
 #define PROGRAM "Hydra"
-#define VERSION "v9.3"
+#define VERSION "v9.6dev"
 #define AUTHOR "van Hauser/THC"
 #define EMAIL "<vh@thc.org>"
 #define AUTHOR2 "David Maciejak"
@@ -267,6 +267,7 @@ typedef struct {
 
 typedef struct {
   char *target;
+  char *miscptr;
   char ip[36];
   char *login_ptr;
   char *pass_ptr;
@@ -343,6 +344,11 @@ int32_t prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed
 int32_t child_head_no = -1, child_socket;
 int32_t total_redo_count = 0;
 
+// requred for distributed attack capability
+uint32_t num_segments = 0;
+uint32_t my_segment = 0;
+char junk_file[50];
+
 // moved for restore feature
 int32_t process_restore = 0, dont_unlink;
 char *login_ptr = NULL, *pass_ptr = "", *csv_ptr = NULL, *servers_ptr = NULL;
@@ -388,7 +394,7 @@ static const struct {
                 {"http-get-form", service_http_form_init, service_http_get_form, usage_http_form},
                 {"http-head", service_http_init, service_http_head, NULL},
                 {"http-form", service_http_form_init, NULL, usage_http_form},
-                {"http-post", NULL, service_http_post, usage_http},
+                {"http-post", service_http_init, service_http_post, usage_http},
                 {"http-post-form", service_http_form_init, service_http_post_form, usage_http_form},
                 SERVICE3("http-proxy", http_proxy),
                 SERVICE3("http-proxy-urlenum", http_proxy_urlenum),
@@ -519,6 +525,8 @@ void help(int32_t ext) {
                     "instead of -L/-P options\n"
                     "  -M FILE   list of servers to attack, one entry per "
                     "line, ':' to specify port\n");
+  PRINT_NORMAL(ext, "  -D XofY   Divide wordlist into Y segments and use the "
+                    "Xth segment.\n");
   PRINT_EXTEND(ext, "  -o FILE   write found login/password pairs to FILE instead of stdout\n"
                     "  -b FORMAT specify the format for the -o FILE: text(default), json, "
                     "jsonv1\n"
@@ -1026,7 +1034,7 @@ void killed_childs(int32_t signo) {
   int32_t pid, i;
 
   killed++;
-  pid = wait3(NULL, WNOHANG, NULL);
+  pid = waitpid(-1, NULL, WNOHANG);
   for (i = 0; i < hydra_options.max_use; i++) {
     if (pid == hydra_heads[i]->pid) {
       hydra_heads[i]->pid = -1;
@@ -1174,13 +1182,12 @@ void hydra_service_init(int32_t target_no) {
   int32_t x = 99;
   int32_t i;
   hydra_target *t = hydra_targets[target_no];
-  char *miscptr = hydra_options.miscptr;
   FILE *ofp = hydra_brains.ofp;
 
   for (i = 0; x == 99 && i < sizeof(services) / sizeof(services[0]); i++) {
     if (strcmp(hydra_options.service, services[i].name) == 0) {
       if (services[i].init) {
-        x = services[i].init(t->ip, -1, options, miscptr, ofp, t->port, t->target);
+        x = services[i].init(t->ip, -1, options, t->miscptr, ofp, t->port, t->target);
         break;
       }
     }
@@ -1264,13 +1271,13 @@ int32_t hydra_spawn_head(int32_t head_no, int32_t target_no) {
 
       hydra_target *t = hydra_targets[target_no];
       int32_t sp = hydra_heads[head_no]->sp[1];
-      char *miscptr = hydra_options.miscptr;
+      // char *miscptr = hydra_options.miscptr;
       FILE *ofp = hydra_brains.ofp;
       hydra_target *head_target = hydra_targets[hydra_heads[head_no]->target_no];
       for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) {
         if (strcmp(hydra_options.service, services[i].name) == 0) {
           if (services[i].exec) {
-            services[i].exec(t->ip, sp, options, miscptr, ofp, t->port, head_target->target);
+            services[i].exec(t->ip, sp, options, t->miscptr, ofp, t->port, head_target->target);
             // just in case a module returns (which it shouldnt) we let it exit
             // here
             exit(-1);
@@ -1447,7 +1454,7 @@ void hydra_kill_head(int32_t head_no, int32_t killit, int32_t fail) {
     //    hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[head_no] =
     //    NULL;
   }
-  (void)wait3(NULL, WNOHANG, NULL);
+  (void)waitpid(-1, NULL, WNOHANG);
 }
 
 void hydra_increase_fail_count(int32_t target_no, int32_t head_no) {
@@ -1591,13 +1598,80 @@ char *hydra_reverse_login(int32_t head_no, char *login) {
   return hydra_heads[head_no]->reverse;
 }
 
+void delete_junk_files(){
+  remove(junk_file);
+}
+
+FILE *hydra_divide_file(FILE *file, uint32_t my_segment, uint32_t num_segments){
+
+  if(my_segment > num_segments){
+    fprintf(stderr, "[ERROR] in option -D XofY, X must not be greater than Y: %s\n", hydra_options.passfile);
+    return NULL;
+    }
+
+  FILE *output_file;
+  char line[500];
+  char output_file_name[50];
+
+  uint32_t line_number = 0;
+
+  double total_lines = countlines(file,0);
+
+  if(num_segments > total_lines){
+    fprintf(stderr, "[ERROR] in option -D XofY, Y must not be greater than the total number of lines in the file to be divided: %s\n", hydra_options.passfile);
+    return NULL;
+  }
+
+  double segment_size_double = total_lines / num_segments;
+
+  // round up segment_size_float to integer
+  uint64_t segment_size = (uint64_t)segment_size_double;
+  if(segment_size < segment_size_double)
+    segment_size++;
+
+  uint64_t segment_start = segment_size * (my_segment - 1) + 1;
+  uint64_t segment_end = segment_size * my_segment;
+
+  
+  
+  srand(time(NULL));
+  int filetag = rand();
+
+  sprintf(output_file_name, "segment_%d_%d.txt",filetag, my_segment);
+  output_file = fopen(output_file_name, "w");
+
+  if(!output_file){
+    fprintf(stderr, "[ERROR] Segment file empty: %s\n", hydra_options.passfile);
+    return NULL;
+  }
+
+  strcpy(junk_file, output_file_name);
+
+  atexit(delete_junk_files);
+
+  while(fgets(line, sizeof line, file) != NULL && line_number < segment_end){
+    line_number++;
+
+    if(line_number >= segment_start && line_number <= segment_end)
+      fprintf(output_file, "%s", line);
+    
+    }
+
+  rewind(file);
+  fclose(output_file);
+  output_file = fopen(output_file_name, "r");
+
+  return output_file;
+
+    }
+
 int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) {
   // variables moved to save stack
   snpdone = 0;
   snp_is_redo = 0;
   snpdont = 0;
   loop_cnt++;
-  if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) {
+  if (hydra_heads[head_no]->redo == 1 && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) {
     hydra_heads[head_no]->redo = 0;
     snp_is_redo = 1;
     snpdone = 1;
@@ -1629,7 +1703,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) {
     return -1;
   }
 
-  if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) {
+  if (hydra_heads[head_no]->redo == 1 && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) {
     hydra_heads[head_no]->redo = 0;
     snp_is_redo = 1;
     snpdone = 1;
@@ -1638,7 +1712,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) {
       printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - "
              "%" hPRIu64 " of %" hPRIu64 "\n",
              hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo);
-    hydra_heads[head_no]->redo = 0;
+    // hydra_heads[head_no]->redo = 0;
     if (hydra_targets[target_no]->redo_state > 0) {
       if (hydra_targets[target_no]->redo_state <= hydra_targets[target_no]->redo) {
         hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo_state - 1];
@@ -2045,7 +2119,7 @@ void process_proxy_line(int32_t type, char *string) {
     string[strlen(string) - 1] = 0;
   if (string[strlen(string) - 1] == '\r')
     string[strlen(string) - 1] = 0;
-  if (proxy_count > MAX_PROXY_COUNT) {
+  if (proxy_count >= MAX_PROXY_COUNT) {
     fprintf(stderr, "[WARNING] maximum amount of proxies loaded, ignoring this entry: %s\n", string);
     return;
   }
@@ -2171,13 +2245,13 @@ void process_proxy_line(int32_t type, char *string) {
 int main(int argc, char *argv[]) {
   char *proxy_string = NULL, *device = NULL, *memcheck;
   char *outfile_format_tmp;
-  FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL, *proxyfp;
+  FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL, *proxyfp, *filecloser=NULL;
   size_t countinfile = 1, sizeinfile = 0;
   uint64_t math2;
   int32_t i = 0, j = 0, k, error = 0, modusage = 0, ignore_restore = 0, do_switch;
   int32_t head_no = 0, target_no = 0, exit_condition = 0, readres;
   time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time;
-  char *tmpptr, *tmpptr2;
+  char *tmpptr, *tmpptr2, *tmpptr3;
   char rc, buf[MAXBUF];
   time_t last_attempt = 0;
   fd_set fdreadheads;
@@ -2186,7 +2260,7 @@ int main(int argc, char *argv[]) {
   struct sockaddr_in6 *ipv6 = NULL;
   struct sockaddr_in *ipv4 = NULL;
 
-  printf("%s %s (c) 2022 by %s & %s - Please do not use in military or secret "
+  printf("%s %s (c) 2023 by %s & %s - Please do not use in military or secret "
          "service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\n\n",
          PROGRAM, VERSION, AUTHOR, AUTHOR2);
 #ifndef LIBAFP
@@ -2307,6 +2381,7 @@ int main(int argc, char *argv[]) {
   hydra_options.loginfile = NULL;
   hydra_options.pass = NULL;
   hydra_options.passfile = NULL;
+  hydra_options.distributed = NULL;
   hydra_options.tasks = TASKS;
   hydra_options.max_use = MAXTASKS;
   hydra_options.outfile_format = FORMAT_PLAIN_TEXT;
@@ -2320,8 +2395,18 @@ int main(int argc, char *argv[]) {
     help(1);
   if (argc < 2)
     help(0);
-  while ((i = getopt(argc, argv, "hIq64Rrde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) {
+  while ((i = getopt(argc, argv, "hIq64Rrde:vVl:fFg:D:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) {
     switch (i) {
+    case 'D':
+      hydra_options.distributed = optarg;
+      if (sscanf(hydra_options.distributed, "%dof%d", &my_segment, &num_segments) != 2) {
+            fprintf(stderr, "Invalid format. Expected format -D XofY where X and Y are integers.\n");
+            exit(EXIT_FAILURE);
+        }
+      else{
+        fprintf(stdout, "Option \'D\': successfully set X to %d and Y to %d\n", my_segment, num_segments);
+      }
+      break;
     case 'h':
       help(1);
       break;
@@ -3201,6 +3286,7 @@ int main(int argc, char *argv[]) {
         bail("Compiled without SSL support, module not available");
 #endif
       }
+      if (hydra_options.infile_ptr == NULL) {
         if (hydra_options.miscptr == NULL) {
           fprintf(stderr, "[WARNING] You must supply the web page as an "
                           "additional option or via -m, default path set to /\n");
@@ -3276,6 +3362,7 @@ int main(int argc, char *argv[]) {
           }
         }
       }
+    }
 
     if (strcmp(hydra_options.service, "xmpp") == 0)
       i = 1;
@@ -3321,8 +3408,7 @@ int main(int argc, char *argv[]) {
       hydra_options.port = port;
     }
 
-    if (hydra_options.login == NULL && hydra_options.loginfile == NULL &&
+    if (hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.colonfile == NULL)
-        hydra_options.colonfile == NULL)
       hydra_options.exit_found = 1;
 
     if (hydra_options.ssl == 0 && hydra_options.port == 443)
@@ -3403,6 +3489,13 @@ int main(int argc, char *argv[]) {
           fprintf(stderr, "[ERROR] File for logins not found: %s\n", hydra_options.loginfile);
           exit(-1);
         }
+        else if (hydra_options.passfile == NULL){
+                if(my_segment && num_segments){
+                  filecloser = lfp;
+                  lfp = hydra_divide_file(lfp, my_segment, num_segments);
+                  fclose(filecloser);
+                }
+              }
         hydra_brains.countlogin = countlines(lfp, 0);
         hydra_brains.sizelogin = size_of_data;
         if (hydra_brains.countlogin == 0) {
@@ -3435,6 +3528,11 @@ int main(int argc, char *argv[]) {
           fprintf(stderr, "[ERROR] File for passwords not found: %s\n", hydra_options.passfile);
           exit(-1);
         }
+        else if(my_segment && num_segments){
+                  filecloser = pfp;
+                  pfp = hydra_divide_file(pfp, my_segment, num_segments);
+                  fclose(filecloser);
+                }
         hydra_brains.countpass = countlines(pfp, 0);
         hydra_brains.sizepass = size_of_data;
         if (hydra_brains.countpass == 0) {
@@ -3489,6 +3587,11 @@ int main(int argc, char *argv[]) {
         fprintf(stderr, "[ERROR] File for colon files (login:pass) not found: %s\n", hydra_options.colonfile);
         exit(-1);
       }
+      else if(my_segment && num_segments){
+        filecloser = cfp;
+        cfp = hydra_divide_file(cfp, my_segment, num_segments);
+        fclose(filecloser);
+      }
       hydra_brains.countlogin = countlines(cfp, 1);
       hydra_brains.sizelogin = size_of_data;
       if (hydra_brains.countlogin == 0) {
@@ -3592,6 +3695,7 @@ int main(int argc, char *argv[]) {
           }
         } else
           hydra_targets[i]->target = tmpptr;
+        
         if ((tmpptr2 = strchr(tmpptr, ':')) != NULL) {
           *tmpptr2++ = 0;
           tmpptr = tmpptr2;
@@ -3601,6 +3705,13 @@ int main(int argc, char *argv[]) {
         }
         if (hydra_targets[i]->port == 0)
           hydra_targets[i]->port = hydra_options.port;
+
+        if ((tmpptr3 = strchr(tmpptr, '/')) != NULL) {
+          hydra_targets[i]->miscptr = tmpptr3;
+        }
+        else
+          hydra_targets[i]->miscptr = "/";
+
         while (*tmpptr != 0)
           tmpptr++;
         tmpptr++;
@@ -3623,6 +3734,7 @@ int main(int argc, char *argv[]) {
         memset(hydra_targets[0], 0, sizeof(hydra_target));
         hydra_targets[0]->target = servers_ptr = hydra_options.server;
         hydra_targets[0]->port = hydra_options.port;
+        hydra_targets[0]->miscptr = hydra_options.miscptr;
         sizeservers = strlen(hydra_options.server) + 1;
       } else {
         /* CIDR notation on command line, e.g. 192.168.0.0/24 */
@@ -3667,6 +3779,7 @@ int main(int argc, char *argv[]) {
           memcpy(&target.sin_addr.s_addr, (char *)&addr_cur2, 4);
           hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr)target.sin_addr));
           hydra_targets[i]->port = hydra_options.port;
+          hydra_targets[i]->miscptr = hydra_options.miscptr;
           addr_cur++;
           i++;
         }
@@ -3682,6 +3795,7 @@ int main(int argc, char *argv[]) {
       memset(hydra_targets[0], 0, sizeof(hydra_target));
       hydra_targets[0]->target = servers_ptr = hydra_options.server;
       hydra_targets[0]->port = hydra_options.port;
+      hydra_targets[0]->miscptr = hydra_options.miscptr;
       sizeservers = strlen(hydra_options.server) + 1;
     }
     for (i = 0; i < hydra_brains.targets; i++) {
@@ -4114,7 +4228,7 @@ int main(int argc, char *argv[]) {
                   } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) {
                     printf("[%d][%s] host: %s   login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr);
                   } else
-                    printf("[%d][%s] host: %s   login: %s   password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr);
+                    printf("[%d][%s] host: %s   misc: %s   login: %s   password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_targets[hydra_heads[head_no]->target_no]->miscptr, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr);
                 }
                 if (hydra_options.outfile_format == FORMAT_JSONV1 && hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) {
                   fprintf(hydra_brains.ofp,
@@ -4252,7 +4366,7 @@ int main(int argc, char *argv[]) {
     // hydra_brains.sent);
 
     usleepn(USLEEP_LOOP);
-    (void)wait3(NULL, WNOHANG, NULL);
+    (void)waitpid(-1, NULL, WNOHANG);
     // write restore file and report status
     if (process_restore == 1 && time(NULL) - elapsed_restore > 299) {
       hydra_restore_write(0);
@@ -4355,7 +4469,7 @@ int main(int argc, char *argv[]) {
   for (i = 0; i < hydra_options.max_use; i++)
     if (hydra_heads[i]->active == HEAD_ACTIVE && hydra_heads[i]->pid > 0)
       hydra_kill_head(i, 1, 3);
-  (void)wait3(NULL, WNOHANG, NULL);
+  (void)waitpid(-1, NULL, WNOHANG);
 
 #define STRMAX (10 * 1024)
   char json_error[STRMAX + 2], tmp_str[STRMAX + 2];

hydra.h

@@ -194,6 +194,7 @@ typedef struct {
   int32_t cidr;
   int32_t time_next_attempt;
   output_format_t outfile_format;
+  char *distributed; // Use distributed computing by splitting user files on the fly
   char *login;
   char *loginfile;
   char *pass;

pw-inspector.1

@@ -42,7 +42,7 @@ upcase characters (A,B,C,D, etc.)
 numbers (1,2,3,4, etc.)
 .TP
 .B \-p 
-printable characters (which are not \-l/\-n/\-p, e.g. $,!,/,(,*, etc.)
+printable characters (which are not \-l/\-n/\-n, e.g. $,!,/,(,*, etc.)
 .TP
 .B \ -s
 special characters \- all others not withint the sets above

pw-inspector.c

@@ -30,7 +30,7 @@ void help() {
   printf("  -l         lowcase characters (a,b,c,d, etc.)\n");
   printf("  -u         upcase characters (A,B,C,D, etc.)\n");
   printf("  -n         numbers (1,2,3,4, etc.)\n");
-  printf("  -p         printable characters (which are not -l/-n/-p, e.g. "
+  printf("  -p         printable characters (which are not -l/-u/-n, e.g. "
          "$,!,/,(,*, etc.)\n");
   printf("  -s         special characters - all others not within the sets "
          "above\n");
@@ -50,7 +50,7 @@ int main(int argc, char *argv[]) {
   int32_t sets = 0, countsets = 0, minlen = 0, maxlen = MAXLENGTH, count = 0;
   int32_t set_low = 0, set_up = 0, set_no = 0, set_print = 0, set_other = 0;
   FILE *in = stdin, *out = stdout;
-  char buf[MAXLENGTH + 1];
+  unsigned char buf[MAXLENGTH + 1];
 
   prg = argv[0];
   if (argc < 2)
@@ -124,9 +124,9 @@ int main(int argc, char *argv[]) {
   if (countsets == 0)
     countsets = sets;
 
-  while (fgets(buf, sizeof(buf), in) != NULL) {
+  while (fgets((void *)buf, sizeof(buf), in) != NULL) {
-    i = -1;
+    int is_low = 0, is_up = 0, is_no = 0, is_print = 0, is_other = 0;
-    if (buf[0] == 0)
+    if (!buf[0])
       continue;
     if (buf[strlen(buf) - 1] == '\n')
       buf[strlen(buf) - 1] = 0;
@@ -134,40 +134,31 @@ int main(int argc, char *argv[]) {
       buf[strlen(buf) - 1] = 0;
     if (strlen(buf) >= minlen && strlen(buf) <= maxlen) {
       i = 0;
-      if (countsets > 0) {
-        if (set_low)
-          if (strpbrk(buf, "abcdefghijklmnopqrstuvwxyz") != NULL)
-            i++;
-        if (set_up)
-          if (strpbrk(buf, "ABCDEFGHIJKLMNOPQRSTUVWXYZ") != NULL)
-            i++;
-        if (set_no)
-          if (strpbrk(buf, "0123456789") != NULL)
-            i++;
-        if (set_print) {
-          j = 0;
-          for (k = 0; k < strlen(buf); k++)
-            if (isprint((int32_t)buf[k]) != 0 && isalnum((int32_t)buf[k]) == 0)
       j = 1;
-          if (j)
+      for (i = 0; i < strlen(buf) && j; i++) {
-            i++;
-        }
-        if (set_other) {
         j = 0;
-          for (k = 0; k < strlen(buf); k++)
+        if (set_low && islower(buf[i])) {
-            if (isprint((int32_t)buf[k]) == 0 && isalnum((int32_t)buf[k]) == 0)
           j = 1;
-          if (j)
+          is_low = 1;
-            i++;
+        } else if (set_up && isupper(buf[i])) {
+          j = 1;
+          is_up = 1;
+        } else if (set_no && isdigit(buf[i])) {
+          j = 1;
+          is_no = 1;
+        } else if (set_print && isprint(buf[i]) && !isalnum(buf[i])) {
+          j = 1;
+          is_print = 1;
+        } else if (set_other && !isprint(buf[i])) {
+          j = 1;
+          is_other = 1;
         }
       }
-      if (i >= countsets) {
+      if (j && countsets <= is_low + is_up + is_no + is_print + is_other) {
         fprintf(out, "%s\n", buf);
         count++;
       }
     }
-    /* fprintf(stderr, "[DEBUG] i: %d  minlen: %d  maxlen: %d  len: %d\n", i,
-     * minlen, maxlen, strlen(buf)); */
   }
   fclose(in);
   fclose(out);