Hydra

Hydra is a popular open-source password cracking tool used for performing brute force attacks on various online services. It supports multiple protocols, such as HTTP, FTP, SSH, and more. Hydra allows attackers to attempt numerous username and password combinations to gain unauthorized access to accounts or systems. It is widely used by security professionals for penetration testing and assessing password security.

Installation :

sudo apt install hydra

---

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] 
[-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] 
[-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [-m MODULE_OPT] [service://server[:PORT]
[/OPT]]

Options:
  -l LOGIN or -L FILE  login with LOGIN name, or load several logins from FILE
  -p PASS  or -P FILE  try password PASS, or load several passwords from FILE
  -C FILE   colon separated "login:pass" format, instead of -L/-P options
  -M FILE   list of servers to attack, one entry per line, ':' to specify port
  -t TASKS  run TASKS number of connects in parallel per target (default: 16)
  -U        service module usage details
  -m OPT    options specific for a module, see -U output for information
  -h        more command line options (COMPLETE HELP)
  server    the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
  service   the service to crack (see below for supported protocols)
  OPT       some service modules support additional input (-U for module help)

Supported services: 
  adam6500 asterisk cisco cisco-enable cobaltstrike cvs firebird
  ftp[s] http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum 
  icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] memcached mongodb mssql
  mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 
  rdp redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 
  ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp

Examples :

hydra -L users.txt -P pass.txt 192.168.10.1 rdp