Package: hydra
Version: 7.3-1
Severity: wishlist
Tags: patch
The package description for hydra (and hydra-gtk) has a number of
minor typos and language errors:
> Package: hydra
[...]
> Description: Very fast network logon cracker
(DevRef recommends not capitalising the first letter, but otherwise
this is fine. I could be pedantic about the fact that it's the
password that's cracked, not the "logon", but never mind.)
> Hydra is a parallized login cracker which supports numerous protocols
Typo: s/parallized/parallelized/
> to attack. New modules are easy to add, beside that, it is flexible and
Was this aiming for "and besides that" or "besides which"? Either
way, it has missed.
> very fast.
(In fact I'd suggest reshuffling to mention the speed and flexibility
first, then the extensibility.)
> .
> This tool gives researchers and security consultants the possiblity to
Typo (s/possiblity/possibility/), but it's not quite the right word
anyway. I would recommend "makes it possible for" them to do this.
> show how easy it would be to gain unauthorized access from remote to a
> system.
Is that "from somewhere that is remote to a system" or do you mean it
in the sense of "from A to B"? Just say "to gain unauthorized access
to a system remotely".
> .
> Currently this tool supports:
Repeating "this tool" is slightly awkward; either say "hydra" or just
"it". And this newline is pointless, since whitespace formatting
isn't respected within ordinary non-verbatim paragraphs, and gets
re-flowed in displays like http://packages.debian.org/sid/hydra
> TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, LDAP, SMB, SMBNT, MS-SQL, MySQL,
> REXEC, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, Cisco auth,
> Cisco enable, Cisco AAA (incorporated in telnet module).
There's no reason for "TELNET", "-PROXY", or REXEC to be all-caps,
and the ordering is just close enough to alphabetical for the flaws to
be annoying (I'll sort it but leave the Cisco ones to the end). The
equivalent list on the Hydra homepage includes quite a few other
protocols - do they all require non-free plugins, or is this list
stale (as one might guess from the inclusion of SMBNT and omission of
SSH), or what? I'm at least suspicious enough to remove the claim
that this list is what it *currently* supports (which is useless
anyway without a last-modified date).
While I'm fixing hydra's package description I'd better do the rest of
the control file:
> Package: hydra-gtk
[...]
> Description: Very fast network logon cracker - GTK+ based GUI
> Hydra is a parallized login cracker which supports numerous protocols
> to attack. New modules are easy to add, beside that, it is flexible and
> very fast.
> .
> This tool gives researchers and security consultants the possiblity to
> show how easy it would be to gain unauthorized access from remote to a
> system.
> .
> Currently this tool supports:
> TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, LDAP, SMB, SMBNT, MS-SQL, MySQL,
> REXEC, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, Cisco auth,
> Cisco enable, Cisco AAA (incorporated in telnet module).
As above.
> .
> This package is the GTK+ based GUI for hydra.
Technically the package isn't the GUI; the package *provides* the GUI.
So my suggested version is:
| Package: hydra
[...]
| Description: very fast network logon cracker
| Hydra is a parallelized login cracker which supports numerous protocols
| to attack. It is very fast and flexible, and new modules are easy to add.
| .
| This tool makes it possible for researchers and security consultants to
| show how easy it would be to gain unauthorized access to a system
| remotely.
| .
| It supports: FTP, HTTP(S), HTTP-Proxy, ICQ, IMAP, LDAP, MS-SQL, MySQL,
| NNTP, PC-NFS, POP3, rexec, SMB(NT), SOCKS5, telnet, VNC, Cisco auth,
| Cisco enable, Cisco AAA (incorporated in the telnet module).
|
| Package: hydra-gtk
[...]
| Description: very fast network logon cracker - GTK+ based GUI
| Hydra is a parallelized login cracker which supports numerous protocols
| to attack. It is very fast and flexible, and new modules are easy to add.
| .
| This tool makes it possible for researchers and security consultants to
| show how easy it would be to gain unauthorized access to a system
| remotely.
| .
| It supports: FTP, HTTP(S), HTTP-Proxy, ICQ, IMAP, LDAP, MS-SQL, MySQL,
| NNTP, PC-NFS, POP3, rexec, SMB(NT), SOCKS5, telnet, VNC, Cisco auth,
| Cisco enable, Cisco AAA (incorporated in the telnet module).
| .
| This package provides the GTK+ based GUI for hydra.
Alternative version of that list (not in my patch):
¦ It supports: AFP, Cisco, CVS, Firebird, FTP, HTTP(-Proxy), ICQ, IMAP,
¦ IRC, LDAP, MS-/My/PostgreSQL, NCP, NNTP, Oracle, PC-NFS, pcAnywhere,
¦ POP3, RDP, rexec/rlogin/rsh, SAP-R3, SIP, SMB, SNMP, SOCKS, SSH, SVN,
¦ TeamSpeak, telnet, VMware, VNC, XMPP.
(This leaves out the details for Cisco, since similar complications
are ignored for many other protocols.)
--
JBR
Ankh kak! (Ancient Egyptian blessing)
diff -ru hydra-7.3.pristine/debian/control hydra-7.3/debian/control
--- hydra-7.3.pristine/debian/control 2012-05-24 02:36:34.000000000 +0100
+++ hydra-7.3/debian/control 2012-07-06 16:49:38.591392900 +0100
@@ -26,35 +26,31 @@
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Suggests: hydra-gtk
-Description: Very fast network logon cracker
- Hydra is a parallized login cracker which supports numerous protocols
- to attack. New modules are easy to add, beside that, it is flexible and
- very fast.
+Description: very fast network logon cracker
+ Hydra is a parallelized login cracker which supports numerous protocols
+ to attack. It is very fast and flexible, and new modules are easy to add.
.
- This tool gives researchers and security consultants the possiblity to
- show how easy it would be to gain unauthorized access from remote to a
- system.
+ This tool makes it possible for researchers and security consultants to
+ show how easy it would be to gain unauthorized access to a system
+ remotely.
.
- Currently this tool supports:
- TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, LDAP, SMB, SMBNT, MS-SQL, MySQL,
- REXEC, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, Cisco auth,
- Cisco enable, Cisco AAA (incorporated in telnet module).
+ It supports: FTP, HTTP(S), HTTP-Proxy, ICQ, IMAP, LDAP, MS-SQL, MySQL,
+ NNTP, PC-NFS, POP3, rexec, SMB(NT), SOCKS5, telnet, VNC, Cisco auth,
+ Cisco enable, Cisco AAA (incorporated in the telnet module).
Package: hydra-gtk
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, hydra (>= 6.1-1)
-Description: Very fast network logon cracker - GTK+ based GUI
- Hydra is a parallized login cracker which supports numerous protocols
- to attack. New modules are easy to add, beside that, it is flexible and
- very fast.
+Description: very fast network logon cracker - GTK+ based GUI
+ Hydra is a parallelized login cracker which supports numerous protocols
+ to attack. It is very fast and flexible, and new modules are easy to add.
.
- This tool gives researchers and security consultants the possiblity to
- show how easy it would be to gain unauthorized access from remote to a
- system.
+ This tool makes it possible for researchers and security consultants to
+ show how easy it would be to gain unauthorized access to a system
+ remotely.
.
- Currently this tool supports:
- TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, LDAP, SMB, SMBNT, MS-SQL, MySQL,
- REXEC, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, Cisco auth,
- Cisco enable, Cisco AAA (incorporated in telnet module).
+ It supports: FTP, HTTP(S), HTTP-Proxy, ICQ, IMAP, LDAP, MS-SQL, MySQL,
+ NNTP, PC-NFS, POP3, rexec, SMB(NT), SOCKS5, telnet, VNC, Cisco auth,
+ Cisco enable, Cisco AAA (incorporated in the telnet module).
.
- This package is the GTK+ based GUI for hydra.
+ This package provides the GTK+ based GUI for hydra.
