I've never used the Hydra features in Nessus before, but now think I have a good reason to .. I would like to guess from dictionary and then brute force the username/passwords of my routers running HTTP services to determine how difficult they are to crack.
Any suggestions on whether the Hydra features in Nessus would be appropriate here? I should probably kick off the same testing for Telnet as well, since some of the routers listen both on HTTP and Telnet. I've never run remote password cracking before, usually I'm using John the Ripper, crack32, or other apps in a local setting. I have a large dictionary file (>70meg) that I built using stuff I found while Googling. If anyone has advice on dictionary files most appropriate for routers (default accounts, etc.) that would be helpful. Thanks for the help, Mark
