THC-Hydra rocks, it’s pretty much the most up to date and currently developed password brute forcing tool around at the moment.
It supports a LOT of services and protocols too.
Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast.
There are already several login hacker tools available, however none does either support more than one protocol to attack or support parallelized connects.
Currently this tool supports:
TELNET, FTP, HTTP-GET, HTTP-HEAD, HTTPS-GET, HTTP-HEAD, HTTP-PROXY, LDAP2,
LADP3, SMB, SMBNT, MS-SQL, MYSQL, POSTGRES, REXEC, SOCKS5, VNC, POP3, IMAP,
NNTP, PCNFS, ICQ, SAP/R3, Cisco auth, Cisco enable, SMTP-AUTH, SSH2, SNMP,
CVS, Cisco AAA.
However the module engine for new services is very easy so it won’t take a long time until even more services are supported. Planned are: SSH v1, Oracle and more…
This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system.
You can download Hydra here:
Compile and install (./configure; make; make install)
IF you want the windows version you can grab this Cygwin version: