I have 2 big problems with commands.
If I want to bruteforce password in form and this form haven't got fields on one page and it has different protocols, username it is get and password is post. Also pages in BurpSuite haven't got neither no fields info (for USER and PASS), nor error message. Is it possible to overcome it?
Is it always necessary to write info about fields and error info? Can I don't use them in source with GET/ POST / SMTP protocol?
If SMTP source have defence and it could have false positives, does Hydra will fit? Could you please advice me another bruteforcer? What do you think about Legba?
Also Hydra writes that invalid target definition even when I write IP, URL, PROTOCOL