LinuxCommandLibrary

medusa

Brute-force authentication cracking tool

TLDR

List all installed modules

$ medusa -d

Show usage example of a specific module (use medusa -d for listing all installed modules)
$ medusa -M [ssh|http|web-form|postgres|ftp|mysql|...] -q

Execute brute force against an FTP server using a file containing usernames and a file containing passwords
$ medusa -M ftp -h host -U [path/to/username_file] -P [path/to/password_file]

Execute a login attempt against an HTTP server using the username, password and user-agent specified
$ medusa -M http -h host -u [username] -p [password] -m USER-AGENT:"[Agent]"

Execute a brute force against a MySQL server using a file containing usernames and a hash
$ medusa -M mysql -h host -U [path/to/username_file] -p [hash] -m PASS:HASH

Execute a brute force against a list of SMB servers using a username and a pwdump file
$ medusa -M smbnt -H [path/to/hosts_file] -C [path/to/pwdump_file] -u [username] -m PASS:HASH

SYNOPSIS


medusa -h target -u user -P password_file -M module [options]
medusa -H target_file -U user_file -p password -M module [options]

PARAMETERS

-h
    Specifies the target host or IP address.

-H
    Specifies a file containing multiple target hosts/IPs, one per line.

-u
    Specifies a single username to test.

-U
    Specifies a file containing multiple usernames, one per line.

-p
    Specifies a single password to test.

-P
    Specifies a file containing multiple passwords, one per line.

-M
    Specifies the authentication module to use (e.g., ftp, http, ssh, smb).

-e
    Adds extra options for the chosen module (e.g., /admin for http module, 'domain=example' for smb).

-f
    Stops testing after the first successful username/password combination is found.

-t
    Sets the number of total concurrent threads (default is 10).

-T
    Sets the number of concurrent hosts to test simultaneously.

-n
    Specifies a non-default port for the service.

-s
    Uses SSL for connection if supported by the module.

-r
    Resumes a previous brute-force attack from a checkpoint file.

-v
    Sets the verbosity level (0=quiet, 1=normal, 2=verbose, 3=debug).

-L
    Lists all available modules and exits.

-w
    Specifies the delay in seconds between connection attempts.

DESCRIPTION

Medusa is a speedy and modular command-line tool designed for brute-forcing network authentication services. It supports concurrent testing of multiple protocols like FTP, HTTP, SSH, Telnet, SMB, and more, making it a versatile choice for security assessments. Unlike single-threaded tools, Medusa can launch dictionary attacks or brute-force attacks against user accounts and passwords in parallel across numerous hosts or against a single host with multiple threads. This parallel processing significantly accelerates the discovery of weak credentials. Its modular design allows for easy extension to new services. Medusa is commonly used by penetration testers to identify vulnerabilities arising from weak or default passwords within a network, ensuring compliance and enhancing overall security posture.

CAVEATS

Using Medusa can generate a significant amount of network traffic and failed login attempts, which may trigger intrusion detection/prevention systems (IDS/IPS) or lead to account lockouts on the target systems. It is crucial to obtain explicit authorization before using this tool against any system not owned or managed by you. Unauthorized use can have severe legal consequences.
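
The burst of failed logins described above is the signal defenders key on. The following is an added example, not part of the original page: a sliding-window detector run over constructed OpenSSH sshd log lines. The log format, the threshold and window values, the year argument and the name detect_bursts are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH sshd syslog format (not real data).
SAMPLE_LOG = """\
Mar 10 09:15:01 srv sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 10 09:15:01 srv sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Mar 10 09:15:02 srv sshd[1203]: Failed password for root from 203.0.113.7 port 40116 ssh2
Mar 10 09:15:02 srv sshd[1204]: Failed password for invalid user test from 203.0.113.7 port 40118 ssh2
Mar 10 09:15:03 srv sshd[1205]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar 10 09:15:40 srv sshd[1300]: Failed password for alice from 198.51.100.23 port 51000 ssh2
Mar 10 09:16:55 srv sshd[1310]: Failed password for alice from 198.51.100.23 port 51002 ssh2
Mar 10 09:17:05 srv sshd[1311]: Accepted password for alice from 198.51.100.23 port 51004 ssh2
"""

# Captures timestamp, username and source address of a failed password login.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def detect_bursts(log_text, threshold=5, window_s=10, year=2024):
    """Return {source_ip: sorted usernames} for every source that produced
    at least `threshold` failed logins inside a `window_s`-second window."""
    recent = defaultdict(deque)  # ip -> (timestamp, user) failures still in window
    flagged = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        stamp, user, ip = m.groups()
        # Syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append((ts, user))
        # Drop failures that have aged out of the sliding window.
        while ts - q[0][0] > timedelta(seconds=window_s):
            q.popleft()
        if len(q) >= threshold:
            flagged[ip].update(u for _, u in q)
    return {ip: sorted(users) for ip, users in flagged.items()}

if __name__ == "__main__":
    for ip, users in detect_bursts(SAMPLE_LOG).items():
        print(f"{ip}: burst of failed logins for users {', '.join(users)}")
```

The two widely spaced failures followed by a success from 198.51.100.23 stay below the threshold, which is the difference between a mistyped password and parallel guessing.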

MODULES

Medusa's strength lies in its modular design, supporting a wide array of services. To see the list of available modules, use the command `medusa -d`. Each module is specifically designed to interact with a particular service's authentication mechanism, such as ftp, http, ssh, smb, pop3, imap, vnc, rlogin, and many others.

ETHICAL USE

It is imperative that Medusa only be used for legitimate purposes, such as penetration testing on systems where you have explicit permission. Unauthorized brute-forcing is illegal and unethical. Responsible use ensures the tool serves its intended purpose of identifying security weaknesses, not exploiting them maliciously.

HISTORY

Medusa was developed by JoMo-Kun and has been a staple in the open-source penetration testing toolkit for many years. It's often included by default in security-focused Linux distributions like Kali Linux, building a reputation for its reliability and efficiency in cracking various network service authentications. Its modular architecture was a key design choice, allowing it to adapt and extend support for new protocols and authentication methods over time.

SEE ALSO

hydra(1), ncrack(1), john(1), hashcat(1)
