medusa
Brute-force authentication cracking tool
TLDR
List all installed modules
Show usage example of a specific module (use medusa -d for listing all installed modules)
Execute brute force against an FTP server using a file containing usernames and a file containing passwords
Execute a login attempt against an HTTP server using the username, password and user-agent specified
Execute a brute force against a MySQL server using a file containing usernames and a hash
Execute a brute force against a list of SMB servers using a username and a pwdump file
SYNOPSIS
medusa -h target -u user -P password_file -M module [options]
medusa -H target_file -U user_file -p password -M module [options]
PARAMETERS
-h
Specifies the target host or IP address.
-H
Specifies a file containing multiple target hosts/IPs, one per line.
-u
Specifies a single username to test.
-U
Specifies a file containing multiple usernames, one per line.
-p
Specifies a single password to test.
-P
Specifies a file containing multiple passwords, one per line.
-M
Specifies the authentication module to use (e.g., ftp, http, ssh, smb).
-e
Adds extra options for the chosen module (e.g., /admin for http module, 'domain=example' for smb).
-f
Stops testing after the first successful username/password combination is found.
-t
Sets the number of total concurrent threads (default is 10).
-T
Sets the number of concurrent hosts to test simultaneously.
-n
Specifies a non-default port for the service.
-s
Uses SSL for connection if supported by the module.
-r
Resumes a previous brute-force attack from a checkpoint file.
-v
Sets the verbosity level (0=quiet, 1=normal, 2=verbose, 3=debug).
-L
Lists all available modules and exits.
-w
Specifies the delay in seconds between connection attempts.
DESCRIPTION
Medusa is a speedy and modular command-line tool designed for brute-forcing network authentication services. It supports concurrent testing of multiple protocols like FTP, HTTP, SSH, Telnet, SMB, and more, making it a versatile choice for security assessments. Unlike single-threaded tools, Medusa can launch dictionary attacks or brute-force attacks against user accounts and passwords in parallel across numerous hosts or against a single host with multiple threads. This parallel processing significantly accelerates the discovery of weak credentials. Its modular design allows for easy extension to new services. Medusa is commonly used by penetration testers to identify weak or default passwords within a network, which supports compliance work and improves overall security posture.
CAVEATS
Using Medusa can generate a significant amount of network traffic and failed login attempts, which may trigger intrusion detection/prevention systems (IDS/IPS) or lead to account lockouts on the target systems. It is crucial to obtain explicit authorization before using this tool against any system not owned or managed by you. Unauthorized use can have severe legal consequences.
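The burst of failed logins described above is what a defender looks for in authentication logs. The following is an added example, not part of Medusa or of the original page: it scans sshd log lines for sources that exceed a failure threshold inside a short sliding window. The log lines are constructed, and the function name, threshold, window and year are assumptions to tune per environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar 10 09:15:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar 10 09:15:01 web1 sshd[2102]: Failed password for admin from 203.0.113.7 port 40002 ssh2
Mar 10 09:15:02 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40003 ssh2
Mar 10 09:15:02 web1 sshd[2104]: Failed password for root from 203.0.113.7 port 40004 ssh2
Mar 10 09:15:03 web1 sshd[2105]: Failed password for admin from 203.0.113.7 port 40005 ssh2
Mar 10 09:15:03 web1 sshd[2106]: Failed password for root from 203.0.113.7 port 40006 ssh2
Mar 10 09:16:40 web1 sshd[2110]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
Mar 10 09:20:11 web1 sshd[2120]: Failed password for bob from 198.51.100.20 port 51001 ssh2
Mar 10 09:25:30 web1 sshd[2121]: Failed password for bob from 198.51.100.20 port 51002 ssh2
"""

# Captures timestamp, attempted username and source address of a failed login.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def find_bursts(log_text, threshold=5, window=timedelta(seconds=10), year=2024):
    """Return {source: {"peak": n, "users": set}} for each source whose
    failed logins reach `threshold` within one sliding `window`.
    Syslog timestamps carry no year, so `year` is supplied (assumption)."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    users = defaultdict(set)      # per-source usernames attempted
    peak = defaultdict(int)       # per-source highest in-window failure count
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins and unrelated lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        user, src = m.group(2), m.group(3)
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        users[src].add(user)
        peak[src] = max(peak[src], len(q))
    return {s: {"peak": peak[s], "users": users[s]}
            for s in peak if peak[s] >= threshold}

if __name__ == "__main__":
    for src, info in find_bursts(SAMPLE_LOG).items():
        print(src, info["peak"], sorted(info["users"]))
```

Several usernames from one source inside the window indicates a dictionary run rather than a single user mistyping a password; the two slow failures from the second address stay below the threshold.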
MODULES
Medusa's strength lies in its modular design, supporting a wide array of services. To see the list of available modules, use the command `medusa -L`. Each module is specifically designed to interact with a particular service's authentication mechanism, such as ftp, http, ssh, smb, pop3, imap, vnc, rlogin, and many others.
ETHICAL USE
It is imperative that Medusa only be used for legitimate purposes, such as penetration testing on systems where you have explicit permission. Unauthorized brute-forcing is illegal and unethical. Responsible use ensures the tool serves its intended purpose of identifying security weaknesses, not exploiting them maliciously.
HISTORY
Medusa was developed by JoMo-Kun and has been a staple in the open-source penetration testing toolkit for many years. It's often included by default in security-focused Linux distributions like Kali Linux, building a reputation for its reliability and efficiency in cracking various network service authentications. Its modular architecture was a key design choice, allowing it to adapt and extend support for new protocols and authentication methods over time.