Changelog for hydra
-------------------

Release 4.1
###########
* Snakebyte wrote a very nice GTK GUI for hydra! enjoy!
* due a bug, sometimes hydra would kill process -1 ... baaaad boy!
* found passwords are now also printed to stdout if -o option is used
* <je@sekure.net> reported that hydra wouldn't complain on ssh2 option if
  compiled without support, fixed
* <llevier@argosnet.com> made an official port for FreeBSD and sent me a
  diff to exchange the MD4 of libdes to openssl
* <vh@helith.net> noticed that hydra will crash on big wordlists as
  the result of the mallocs there were not checked, fixed
* Snakebyte expanded his PalmOS Version of hydra to nntp and fixed vnc
* Increased the wait time for children from 5 to 15 seconds, as e.g.
  snakebyte reported detection problems
* Fixed some display glitches


Release v4.0
############
#
# This is a summary of changes of the D1 to D5 beta releases and shows
# what makes v4.0 different from 3.1.
# Have fun. Lots of it.
#
# By the way: I need someone to program a nice GTK frontend for hydra,
# would YOU like to do that and receive the fame? Send an email to vh@thc.org !
#
* For the first time there is not only a UNIX/source release but additionally:
   ! Windows release (cygwin compile with dll's)
   ! PalmPilot release
   ! ARM processor release (for all your Zaurus, iPaq etc. running Linux)
* There are new service attack module:
   ! ms-sql
   ! sap r/3 (requires a library)
   ! ssh v2 (requires a library)
* Enhancements/Fixes to service attack modules:
   ! vnc module didnt work correctly, fixed
   ! mysql module supports newer versions now
   ! http module received a minor fix and has better virtual host support now
   ! http-proxy supports now an optional URL
   ! socks5 checks now for false positives and daemons without authentication
* The core code (hydra.c) was rewritten from scratch
   ! rewrote the internal distribution functions from scratch. code is now
     safer, less error prone, easier to read.
   ! multiple target support rewritten which now includes intelligent load
     balancing based on success, error and load rate
   ! intelligently detect maximum connect numbers for services (per server if
     multiple targets are used)
   ! intelligent restore file writing
   ! Faster (up to 15%)
   ! Full Cygwin and Cygwin IPv6 support
* added new tool: pw-inspector - it can be used to just try passwords which
  matches the target's password policy
#
# This should be more than enough! :-)
#

... the rest below is history ...

###########################################################################
#
# New Hydra v4.0 code branch
#
Release D5
* added patches by kan@dcit.cz which enhance the proxy module and provide
  a small fix for the http module
* small beautifcations to make the compiler happy
! This is the final beta version before public release
  - please test everything!

Release D4
* Tick made an update to his configure-arm
* snakebyte@gmx.de added imap, vnc and cisco module support to PalmPilot
* fixed VNC module
* enhanced mysql module to work also with 4.0.x (and all future protocol 10
  mysql protocol types)
* enhanced socks5 module to identify daemons which do not require
  authentication, and false positive check (otherwise dante would report all
  tries as successful)
* fixed a bug in configure for D3 which resulted in compile problems on
  several platforms requiring libcrypto

Release D3
* added sapr3 attack module (requires libsdk.a and saprfc.h)
* added ssh2 attack module (requires libssh)
* snakebyte@gmx.de added telnet module support for PalmPilot
* fixed the mssql module, should work now
* fixed -e option bug
* fixed -C option bug (didnt work at all!!)
* fixed double detection (with -e option) plus added simple dictionary
  double detection
* target port is now displayed on start

Release D2
* added better virtual host support to the www/http/https/ssl module
  (based on a patch from alla@scanit.be)
* added ARM support (does not work for libdes yet, ssl works), done by
  Tick <tick@thc.org>
* added Palm support (well, in reality it is more a rewrite which can use
  the hydra-modules), done by snakebyte <snakebyte@gmx.de>
* added ms-sql attack module (code based on perl script form HD Moore
  <hdm@digitaloffense.net>, thanks for contributing)

Release D1 (3 March 2003)
* rewrote the internal distribution functions from scratch. code is now
  safer, less error prone, easier to read.
* multiple target support rewritten which now includes intelligent load
  balancing based on success, error and load rate
* intelligently detect maximum connect numbers for services (per server if
  multiple targets are used)
* intelligent restore file writing
* Faster (up to 15%)
* Full Cygwin and Cygwin IPv6 support
* added new tool: pw-inspector - it can be used to just try passwords which
  matches the target's password policy

###########################################################################

v3.0 (FEBRUARY 2004)		PUBLIC RELEASE
* added a restore function to enable you to continue aborted/crashed
  sessions. Just type "hydra -R" to continue a session.
  NOTE: this does not work with the -M option! This feature is then disabled!
* added a module for http proxy authentication cracking ("http-proxy") :-)
* added HTTP and SSL/CONNECT proxy support. SSL/CONNECT proxy support works
  for *all* TCP protocols, you just need to find a proxy which allows you to
  CONNECT on port 23 ...
  The environment variable HYDRA_PROXY_HTTP defines the web proxy. The
  following syntax is valid: HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
  Same for HYDRA_PROXY_CONNECT.
  If you require authentication for the proxy, use the HYDRA_PROXY_AUTH
  environment variable:
    HYDRA_PROXY_AUTH="login:password"
* fixed parallel host scanning engine (thanks to m0j0.j0j0 for reporting)
* A status, speed and time to completion report is now printed every minute.
* finally updated the README

v2.9 (FEBRUARY 2004)		PRIVATE RELEASE
...

v2.8 (JANUARY 2004)		PRIVATE RELEASE
...

v2.7 (JANUARY 2004)		PUBLIC RELEASE
* small fix for the parallel host code (thanks to m0j0@foofus.net)

v2.6 (DECEMBER 2003)		PUBLIC RELEASE
* fixed a compiling problem for picky compilers.

v2.5 (NOVEMBER 2003)		PUBLIC RELEASE
* added a big patch from m0j0@foofus.net which adds:
    - AAA authentication to the cisco-enable module
    - Running the attacks on hosts in parallel
    - new smbnt module, which uses lanman hashes for authentication, needs libdes
  ! great work and thanks !
* changed code to compile easily on FreeBSD
* changed configure to compile easily on MacOS X - Panther (cool OS btw ...)

v2.4 (AUGUST 2003)		PUBLIC RELEASE
* public release
=== 2.3 stuff===
* added mysql module (thanks to mcbethh@u-n-f.com)
* small fix in vnc (thanks to the Nessus team)
* added credits for vnc-module (FX/Phenolite)
* new ./configure script for better Solaris and *BSD support (copied from amap)
* updated to new email/www addresses => www.thc.org

v2.2 (OCTOBER 2002)		PUBLIC RELEASE
* fixed a bug in the -P passwordfile handling ... uhhh ... thanks to all
  the many people who reported that bug!
* added check if a password in -P passwordfile was already done via the
  -e n|s switch

v2.1 (APRIL 2002)		PUBLIC RELEASE
* added ldap cracking mode (thanks to myself, eh ;-)
* added -e option to try null passwords ("-e n") and passwords equal to the
  login ("-e s"). When specifying -e, -p/-P is optional (and vice versa)
* when a login is found, hydra will now go on with the next login

v2.0 (APRIL 2002)		PRIVATE RELEASE
! with v1.1.14 of Nessus, Hydra is a Nessus plugin!
* incorporated code to make hydra a nessus plugin (thanks to deraison@cvs.nessus.org !)
* added smb/samba/CIFS cracking mode (thanks to deraison@cvs.nessus.org !)
* added cisco-enable cracking mode (thanks to J.Marx@secunet.de !)
* minor enhancements and fixes

v1.7 (MARCH 2002)		PRIVATE RELEASE
* configure change to better detect OpenSSL
* ported to Solaris

v1.6 (FEBRUARY 2002)		PUBLIC RELEASE
* added socks5 support (thanks to bigbud@weed.tc !)

v1.5 (DECEMBER 2001)		PRIVATE RELEASE
* added -S option for SSL support (for all TCP based protocols)
* added -f option to stop attacking once a valid login/pw has been discovered
* made modules more hydra-mod compliant
* configure stuff thrown out - was not really used and too complicated,
  wrote my own, lets hope it works everywhere ;-)

v1.4 (DECEMBER 2001)		PUBLIC RELEASE
* added REXEC cracking module
* added NNTP cracking module
* added VNC cracking module (plus the 3DES library, which is needed) - some
  of the code ripped from FX/Phenolite :-) thanks a lot
* added PCNFS cracking module
* added ICQ cracking module (thanks to ocsic <pisco@private.as>!!)
* for the pcnfs cracking module, I had to add the hydra_connect_udp function
* added several compactibility stuff to work with all the M$ crap

v1.3 (September 2001)		PUBLIC RELEASE
* uh W2K telnetd sends null bytes in negotiation mode. workaround implemented.
* Rewrote the finish functions which would sometimes hang. Shutdowns are faster
  now as well.
* Fixed the line count (it was always one to much)
* Put more information in the outpufile (-o)
* Removed some configure crap.

v1.2 (August 2001)		PRIVATE RELEASE
* Fixed a BIG bug which resulted in accounts being checked serveral times. ugh
* Fixed the bug which showed the wrong password for a telnet hack. Works for
  me. please test.
* Added http basic authentication cracking. Works for me. please test.
* Fixed the ftp cracker module for occasions where a long welcome message was
  displayed for ftp.
* Removed some compiler warnings.

v1.1 (May 2001)			PUBLIC RELEASE
* Added wait+reconnect functionality to hydra-mod
* Additional wait+reconnect for cisco module
* Added small waittimes to all attack modules to prevent too fast reconnects
* Added cisco Username/Password support to the telnet module
* Fixed a deadlock in the modules, plus an additional one in the telnet module

v1.0 (April 2001)		PUBLIC RELEASE
* Verified that all service modules really work, no fix necessary ;-)
  ... so let's make it public
* Changed the LICENCE

v0.6 (April 2001)		PRIVATE RELEASE
* Added hydra-cisco.c for the cisco 3 times "Password:" type
* Added hydra-imap.c for the imap service
* Fixed a bug in hydra-mod.c: empty logins resulted in an empty
  hydra_get_next_password() :-(, additionally the blocking/recv works better
  now. (no, not better - perfect ;-)
* Fixed a bug in hydra-telnet.c: too many false alarms for success due some
  mis-thinking on my side and I also implemented a more flexible checking
* Fixed hydra-ftp.c to allow more weird reactions
* Fixed all ;-) memory leaks

v0.5 (December 2000)		PUBLIC RELEASE
* NOTE WE HAVE GOT A NEW WWW ADDRESS -> www.thehackerschoice.com
* added telnet protocol
* exchanged snprintf with sprintf(%.250s) to let it compile on more platforms
  but still have buffer overflow protection.
* fixed a bug in Makefile.in (introduced by Plasmo ,-)

v0.4 (August 2000)		PUBLIC RELEASE
* Plasmoid added a ./configure script. thanks!

v0.3 (August 2000)
* first release
