Hi All,

So I'm trying to use hydra to bruteforce a login on a system that uses custom http headers to receive the username and password. Hydra does not seem to be doing substitution of ^USER^ and ^PASS^ when used as HTTP headers. If I issue issuing a call to hydra like this:

hydra "http-post://0.0.0.0:8000/:H=username\:^USER^:H=password\:^PASS^" -l admin -p admin

I see the following r

If you click Done without adding a single task it adds the group with a NULL value for tasks in the Database

Results in NoMethodError at /task_groups/list

Fixed by shutting off server and manually deleting line in database;

![image](https://user-images.githubusercontent.com

You should order masks by efficiency (occurrences/key_space) because this will lead to the less guesses to crack passwords.

Looking at the top 5:
https://github.com/kaonashi-passwords/Kaonashi/blob/5239bd333ed34993b43126a4499606ba70086034/masks/kaonashi_masks_numbered.txt#L1-L5

And ordering just the 1000 in kaonashi_masks_numbered.txt by efficiency the top 5 are now:

673407:?u?u?u?u

Add a little pop-up when you leave the mouse over a rule/word list. The pop-up would contain a description of the element which is indicated by the mouse.

I guess the descriptions need to be configurable/added in some way.