From 2e908daebb6340b391cac87439420a973c01b1ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=85=AC=E6=98=8E?= <83812544+Ed1s0nZ@users.noreply.github.com>
Date: Sat, 27 Jun 2026 00:34:19 +0800
Subject: [PATCH] Add files via upload
---
tools/hydra.yaml | 91 +++++++++++++++++++++++++++++++++---------------
1 file changed, 63 insertions(+), 28 deletions(-)
diff --git a/tools/hydra.yaml b/tools/hydra.yaml
index a907d42b..ee1fe444 100644
--- a/tools/hydra.yaml
+++ b/tools/hydra.yaml
@@ -1,60 +1,95 @@ name: "hydra" command: "hydra" +args: ["-I"] enabled: true short_description: "密码暴力破解工具,支持多种协议和服务" description: | - Hydra是一个快速的网络登录破解工具,支持多种协议和服务的密码暴力破解。 + Hydra 是网络登录口令爆破工具,支持 SSH、FTP、HTTP、SMB 等多种协议。 - **主要功能:** - - 支持多种协议(SSH, FTP, HTTP, SMB等) - - 快速并行破解 - - 支持用户名和密码字典 - - 可恢复的会话 + **调用约定(必读):** + - 必须提供 **用户名**:`username`(-l)或 `username_file`(-L)至少其一 + - 必须提供 **口令**:`password`(-p)、`password_file`(-P)或 `-C`(经 `additional_args`)至少其一 + - **先用小字典试跑**(几十~几百条),确认目标可达再扩大;禁止默认使用 rockyou 等超大字典 + - 默认已启用:找到即停(-f)、并行 4(-t)、忽略 restore(-I);长任务请设 `output_file` - **使用场景:** - - 密码强度测试 - - 渗透测试 - - 安全评估 - - 弱密码检测 + **CLI 顺序:** `hydra [选项] `(本工具已按此顺序组参,勿把 target 写在选项前) + + **使用场景:** 授权环境下的弱口令检测、密码强度评估 + + **注意:** 仅用于已授权目标;对无响应目标请减小 `wait_time` 或缩小字典,避免长时间挂起。 parameters: - - name: "target" - type: "string" - description: "目标IP或主机名" - required: true - position: 0 - format: "positional" - - name: "service" - type: "string" - description: "服务类型(ssh, ftp, http等)" - required: true - position: 1 - format: "positional" - name: "username" type: "string" - description: "单个用户名" + description: "单个用户名(-l);与 username_file 二选一至少填一个" required: false flag: "-l" format: "flag" - name: "username_file" type: "string" - description: "用户名字典文件" + description: "用户名字典文件(-L)" required: false flag: "-L" format: "flag" - name: "password" type: "string" - description: "单个密码" + description: "单个密码(-p)" required: false flag: "-p" format: "flag" - name: "password_file" type: "string" - description: "密码字典文件" + description: "密码字典文件(-P);优先使用小字典试跑" required: false flag: "-P" format: "flag" + - name: "stop_on_first" + type: "bool" + description: "找到一对有效账密后立即退出(-f,默认 true)" + required: false + flag: "-f" + format: "flag" + default: true + - name: "tasks" + type: "int" + description: "每目标并行连接数(-t);SSH 等建议 4,默认 4" + required: false + flag: "-t" + format: "flag" + default: 4 + - name: "wait_time" + type: "int" + description: "单次连接等待响应秒数(-w),默认 16(低于 Hydra 默认 32,减少挂起感)" + required: false + flag: "-w" + 
format: "flag" + default: 16 + - name: "wait_between" + type: "int" + description: "每线程连接间隔秒数(-W),默认 1" + required: false + flag: "-W" + format: "flag" + default: 1 + - name: "output_file" + type: "string" + description: "将结果写入文件(-o),长任务建议指定" + required: false + flag: "-o" + format: "flag" + - name: "target" + type: "string" + description: "目标 IP、主机名或 CIDR(须在选项之后)" + required: true + position: 1 + format: "positional" + - name: "service" + type: "string" + description: "服务类型(ssh、ftp、http-get、http-post-form、smb 等,见 hydra -h)" + required: true + position: 2 + format: "positional" - name: "additional_args" type: "string" - description: "额外的Hydra参数" + description: "额外参数(如 -s 端口、-S SSL、-m 模块选项、-C login:pass 文件),追加在命令末尾" required: false format: "positional"
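Review bot: `additional_args` is still emitted after `target` and `service`, yet its new description steers callers to put options such as `-s`, `-S` and `-C` there, which contradicts the ordering rule the tool description itself states (`勿把 target 写在选项前`). Whether options placed after the positionals are parsed at all depends on the getopt behaviour of the installed hydra build, and a free-form string in that slot can presumably also repeat `-t`, `-w` or `-f` and so undo the conservative defaults this patch introduces. I would expose the port and the combo file as typed parameters in the flag group, in the same shape as `output_file` (one with `flag: "-s"` and `type: "int"`, one with `flag: "-C"` and `type: "string"`), and narrow `additional_args` to the trailing module options only. The rule that a username source and a password source must be supplied is likewise stated only in prose, since `username`, `username_file`, `password` and `password_file` all remain `required: false`; it is worth confirming that the executor rejects such a call before launching the process.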