thc-hydra VS john

Compare thc-hydra vs john and see what are their differences.

thc-hydra

hydra (by vanhauser-thc)
Penetration Testing password-cracker network-security Hydra thc Pentesting Pentest pentest-tool brute-force brute-force-passwords bruteforce-attacks brute-force-attacks bruteforcing bruteforcer Bruteforce password-cracking
Source Code
Suggest alternative
Edit details

john

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs (by openwall)
John C Ripper Password Jtr Opencl Gpgpu Assembler Cracker Crypt Hash Simd Openmp GPU Fpga Mpi
Source Code
openwall.com
Suggest alternative
Edit details
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
thc-hydra john
18 77
9,098 9,386
- 2.9%
5.6 9.4
16 days ago 2 days ago
C C
GNU Affero General Public License v3.0 -
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

thc-hydra

Posts with mentions or reviews of thc-hydra. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-09-19.
  • Show HN: Hydra - Open-Source Columnar Postgres
    6 projects | news.ycombinator.com | 19 Sep 2023
    Nice tool, only unfortunate name, consider changing it. Already very well know security tool named hydra https://github.com/vanhauser-thc/thc-hydra been around since 2001. Then facebook went ahead and named their config tool hydra https://github.com/facebookresearch/hydra on top of it. Like we get it, hydra popular mythology but we could use more original naming for tools
  • Help with a brute force tool
    1 project | /r/hackerrankonreddit | 7 Jul 2023
  • What's everyone working on this week (26/2023)?
    15 projects | /r/rust | 26 Jun 2023
    I just started learning Rust, but I will begin building a brute-force tool. Hydra is great but lacks updates, IMHO. I started using Golang, but it sucks (I love the Go language, but it sucks for this type of task).
  • The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research)
    18 projects | /r/SaaS | 22 May 2023
    Hydra
  • Unable to complete libssh2 handshake
    1 project | /r/nmap | 11 May 2023
  • Password Attacks - Network Services
    1 project | /r/hackthebox | 28 Jan 2023
    Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-01-28 16:31:17 [WARNING] the rdp module is experimental. Please test, report - and if possible, fix. [WARNING] Restorefile (ignored ...) from a previous session found, to prevent overwriting, ./hydra.restore [DATA] max 3 tasks per 1 server, overall 3 tasks, 21112 login tries (l:104/p:203), ~7038 tries per task [DATA] attacking rdp://10.129.202.136:3389/ [STATUS] 166.00 tries/min, 166 tries in 00:01h, 20946 to do in 02:07h, 3 active [STATUS] 121.67 tries/min, 365 tries in 00:03h, 20747 to do in 02:51h, 3 active [3389][rdp] account on 10.129.202.136 might be valid but account not active for remote desktop: login: password: , continuing attacking the account. [STATUS] 86.29 tries/min, 604 tries in 00:07h, 20509 to do in 03:58h, 2 active [ERROR] all children were disabled due too many connection errors 0 of 1 target completed, 0 valid password found [INFO] Writing restore file because 2 server scans could not be completed [ERROR] 1 target was disabled because of too many errors [ERROR] 1 targets did not complete Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-01-28 16:38:23
  • Could use some help
    1 project | /r/Kalilinux | 19 Jan 2023
  • Github hydra scripts
    2 projects | /r/github | 5 Jan 2023
  • THC-Hydra in Rust FOSS Project
    1 project | /r/u_NoahPN | 21 Dec 2022
    I am searching for people interested in coding an alternative to the thc-hydra project, with additional features (implementing the Shodan api to make it automated, etc...)
  • THM HackPark
    1 project | /r/tryhackme | 22 Oct 2022
    Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-10-22 13:09:13

john

Posts with mentions or reviews of john. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-02-01.
  • Best Hacking Tools for Beginners 2024
    5 projects | dev.to | 1 Feb 2024
    John The Ripper
  • Wordlists ,Crunch, John and Hash Cat - All Kali Word List Tools Explained.
    5 projects | dev.to | 25 Jan 2024
    🔗Kali Linux Wordlist: What you need to know 🔗crunch 🔗WordLists - Kali-Tools 🔗WordLists - GitLab - repository 🔗John - Kali-Tools . 🔗Openwall -github repository -John 🔗John-The-Ripper-Tutorial - Techy Rick 🔗Openwall -John - Offical Website . 🔗Hash Cat - Wiki 🔗Cap 2 Hashcat 🔗Markov - Chain 🔗Hash Cat - Forums 🔗Security Stack Exchange - Question 260773 🔗StationX - How to use Hashcat 🔗MSF/Wordlists - charlesreid 🔗MSFConsole 🔗How to use hashcat 🔗MSF/Wordlists - charlesreid1 🔗Where do the words in /usr/share/dict/words come from? 🔗SCOWL (Spell Checker Oriented Word Lists) 🔗The spell utility -spell - find spelling errors (LEGACY) - UNIX What are Different Types of Cryptography? sha1-vs-sha2-the-technical-difference-explained-by-ssl-experts/ 🔗password-encryption 🔗Secure-Programs SHA-1 🔗What-are-computer-algorithms 🔗What Are MD5, SHA-1, and SHA-256 Hashes, and How Do I Check Them? - howtogeek.com 🔗kali-linux-wordlist-what-you-need-to-know
  • password decryption help
    3 projects | /r/privacy | 10 Dec 2023
    Ok, both John the ripper, hashcat and other tools seem to support extracting the hash, or directly trying to discover the password.
  • Metasploit explained for pentesters
    4 projects | dev.to | 1 Dec 2023
  • Inception: Leaking the root hash from /etc./shadow on AMD Zen 4 [video]
    2 projects | news.ycombinator.com | 8 Aug 2023
    With the root hash you can crack the root password using tools like John The Ripper[0]. More generally, I assume, this exploit can be used to read any arbitrary files on the system, bypassing regular access control, and plenty of other stuff you aren't supposed to be able to do as a non-privileged user.

    0: https://www.openwall.com/john/

  • How to pass this captcha?
    1 project | /r/onions | 30 Jun 2023
    use (John the Ripper)[https://github.com/openwall/john] and (rockyou.txt)[https://github.com/rockyou.txt]
  • Attempting to use john the ripper on a password protected zip file, says it is not encrypted?
    1 project | /r/HowToHack | 7 Jun 2023
    this actually seems to have been reported as a bug and fixed years ago but it is still affecting me on a version freshly downloaded from the AUR, is there a way around this or another program i can use?
  • Hackers Tools: Must-Have Tools for Every Ethical Hacker
    2 projects | dev.to | 29 May 2023
    John the Ripper
  • Password-protecting PDF pay statements with Social Insurance Number (Canada).
    1 project | /r/hacking | 1 May 2023
    Since I used to work for the employer in question, I decide to crack my own password-protected pay statements. I downloaded and built John the Ripper jumbo and then all I had to do was run a few commands after looking at the documentation, and there was my SIN number almost instantly.
  • Why Isn't a Timer Capable of Preventing Brute Force
    2 projects | /r/AskComputerScience | 23 Apr 2023
    However, most credential brute forcing takes place offline against a leaked database from some site. A program like John the Ripper is used to try hashing each word in a dictionary until it matches the entries in the database. Because this all happens offline, there's no mechanism in place to delay the attempts or lock the user out.

What are some alternatives?

When comparing thc-hydra and john you can also consider the following projects:

naive-hashcat - Crack password hashes without the fuss :cat2:

hashcat - World's fastest and most advanced password recovery utility

Metasploit - Metasploit Framework

btcrecover - BTCRecover is an open source wallet password and seed recovery tool. For seed based recovery, this is primarily useful in situations where you have lost/forgotten parts of your mnemonic, or have made an error transcribing it. (So you are either seeing an empty wallet or gettign an error that your seed is invalid) For wallet password or passphrase recovery, it is primarily useful if you have a reasonable idea about what your password might be.

SQLMap - Automatic SQL injection and database takeover tool

mimikatz - A little tool to play with Windows security

elpscrk - An Intelligent wordlist generator based on user profiling, permutations, and statistics. (Named after the same tool in Mr.Robot series S01E01)

bitcracker - BitCracker is the first open source password cracking tool for memory units encrypted with BitLocker

JohnTheRipper - John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs [Moved to: https://github.com/openwall/john]

PSKracker - An all-in-one WPA/WPS toolkit

jwt-cracker - Simple HS256, HS384 & HS512 JWT token brute force cracker.

thc-hydra vs naive-hashcat john vs hashcat thc-hydra vs Metasploit john vs btcrecover thc-hydra vs SQLMap john vs mimikatz thc-hydra vs elpscrk john vs bitcracker thc-hydra vs mimikatz john vs JohnTheRipper thc-hydra vs PSKracker john vs jwt-cracker