medusa

List all installed modules

$ medusa -d

$ medusa -M [ssh|http|web-form|postgres|ftp|mysql|...] -q

$ medusa -M ftp -h host -U [path/to/username_file] -P [path/to/password_file]

$ medusa -M HTTP -h host -u [username] -p [password] -m USER-AGENT:"[Agent]"

$ medusa -M mysql -h host -U [path/to/username_file] -p [hash] -m PASS:HASH

$ medusa -M smbnt -H [path/to/hosts_file] -C [path/to/pwdump_file] -u [username] -m PASS:HASH

medusa -h target -u user -P password_file -M module [options]
medusa -H target_file -U user_file -p password -M module [options]

-h
    Specifies the target host or IP address.

-H
    Specifies a file containing multiple target hosts/IPs, one per line.

-u
    Specifies a single username to test.

-U
    Specifies a file containing multiple usernames, one per line.

-p
    Specifies a single password to test.

-P
    Specifies a file containing multiple passwords, one per line.

-M
    Specifies the authentication module to use (e.g., ftp, http, ssh, smb).

-e
    Adds extra options for the chosen module (e.g., /admin for http module, 'domain=example' for smb).

-f
    Stops testing after the first successful username/password combination is found.

-t
    Sets the number of total concurrent threads (default is 10).

-T
    Sets the number of concurrent hosts to test simultaneously.

-n
    Specifies a non-default port for the service.

-s
    Uses SSL for connection if supported by the module.

-r
    Resumes a previous brute-force attack from a checkpoint file.

-v
    Sets the verbosity level (0=quiet, 1=normal, 2=verbose, 3=debug).

-L
    Lists all available modules and exits.

-w
    Specifies the delay in seconds between connection attempts.

Medusa is a speedy and modular command-line tool designed for brute-forcing network authentication services. It supports concurrent testing of multiple protocols like FTP, HTTP, SSH, Telnet, SMB, and more, making it a versatile choice for security assessments. Unlike single-threaded tools, Medusa can launch dictionary attacks or brute-force attacks against user accounts and passwords in parallel across numerous hosts or against a single host with multiple threads. This parallel processing significantly accelerates the discovery of weak credentials. Its modular design allows for easy extension to new services. Medusa is commonly used by penetration testers to identify vulnerabilities arising from weak or default passwords within a network, ensuring compliance and enhancing overall security posture.

Using Medusa can generate a significant amount of network traffic and failed login attempts, which may trigger intrusion detection/prevention systems (IDS/IPS) or lead to account lockouts on the target systems. It is crucial to obtain explicit authorization before using this tool against any system not owned or managed by you. Unauthorized use can have severe legal consequences.

Medusa's strength lies in its modular design, supporting a wide array of services. To see the list of available modules, use the command `medusa -L`. Each module is specifically designed to interact with a particular service's authentication mechanism, such as ftp, http, ssh, smb, pop3, imap, vnc, rlogin, and many others.

It is imperative that Medusa only be used for legitimate purposes, such as penetration testing on systems where you have explicit permission. Unauthorized brute-forcing is illegal and unethical. Responsible use ensures the tool serves its intended purpose of identifying security weaknesses, not exploiting them maliciously.

Medusa was developed by JoMo-Kun and has been a staple in the open-source penetration testing toolkit for many years. It's often included by default in security-focused Linux distributions like Kali Linux, building a reputation for its reliability and efficiency in cracking various network service authentications. Its modular architecture was a key design choice, allowing it to adapt and extend support for new protocols and authentication methods over time.

hydra(1), ncrack(1), john(1), hashcat(1)