LinuxCommandLibrary

medusa

TLDR

Brute-force SSH login with a password list
$ medusa -h [192.168.1.1] -u [admin] -P [passwords.txt] -M ssh
Test multiple hosts from a file
$ medusa -H [hosts.txt] -u [admin] -P [passwords.txt] -M ssh
Brute-force with username and password lists
$ medusa -h [target] -U [users.txt] -P [passwords.txt] -M ftp
Use combo file (host:user:password format)
$ medusa -C [combos.txt] -M ssh
Stop after first valid credential found
$ medusa -h [target] -u [admin] -P [passwords.txt] -M ssh -f
Specify non-default port and increase threads
$ medusa -h [target] -n [2222] -u [root] -P [passwords.txt] -M ssh -t [20]
List available modules
$ medusa -d
Test null password and username as password
$ medusa -h [target] -u [admin] -P [passwords.txt] -M ssh -e ns

SYNOPSIS

medusa [-h host|-H file] [-u user|-U file] [-p pass|-P file] -M module [options]

DESCRIPTION

medusa is a fast, parallel, modular login brute-forcer for network services. It is designed to perform rapid credential testing against multiple hosts, users, or passwords concurrently using a thread-based architecture.
Each service is supported through independent modules (.mod files), allowing the tool to be extended without modifying the core application. Supported protocols include SSH, FTP, HTTP, IMAP, SMB, MySQL, PostgreSQL, Telnet, VNC, and many others.
Medusa can test credentials from files, combo lists, or command-line arguments. It supports SSL connections, custom ports, and can save valid credentials to a log file. The resume feature allows interrupted scans to continue from where they stopped.

PARAMETERS

-h HOST
Target hostname or IP address
-H FILE
File containing target hosts
-u USER
Username to test
-U FILE
File containing usernames
-p PASS
Password to test
-P FILE
File containing passwords
-C FILE
Combo file (host:user:password format)
-M MODULE
Authentication module (ssh, ftp, http, smb, telnet, etc.)
-m PARAM
Module-specific parameters
-n PORT
Non-default port number
-s
Enable SSL
-t NUM
Total concurrent threads (default: 10)
-T NUM
Concurrent hosts to test
-L
Parallelize logins per username
-f
Stop after first valid credential per host
-F
Stop after first valid credential overall
-e [n/s/ns]
Additional checks: n=no password, s=password equals username, ns=both
-g SECS
Connection timeout (default: 3)
-r SECS
Retry delay (default: 3)
-R NUM
Number of retries
-O FILE
Log output to file
-v NUM
Verbose level (0-6, default: 5)
-d
List all available modules
-q
Display module usage information
-Z MAP
Resume previous scan

CAVEATS

Brute-force attacks generate significant network traffic and log entries on target systems. Many services implement account lockout after failed attempts. Only use on systems you own or have explicit authorization to test. Some modules may require specific parameters for proper operation. SSL support depends on the module.
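
The log entries mentioned above are what a defender keys on. The following is an added example, not part of the original page or of medusa: a sliding-window detector over sshd authentication log lines that flags a source address with repeated failures and records whether a successful login followed the burst. The sample log, the ISO 8601 timestamp format, the threshold and the window are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample: sshd messages with ISO 8601 timestamps (assumed syslog format).
SAMPLE_LOG = """\
2024-05-01T10:00:00+00:00 web1 sshd[2101]: Failed password for admin from 203.0.113.7 port 40100 ssh2
2024-05-01T10:00:01+00:00 web1 sshd[2102]: Failed password for admin from 203.0.113.7 port 40101 ssh2
2024-05-01T10:00:02+00:00 web1 sshd[2103]: Failed password for admin from 203.0.113.7 port 40102 ssh2
2024-05-01T10:00:03+00:00 web1 sshd[2104]: Failed password for admin from 203.0.113.7 port 40103 ssh2
2024-05-01T10:00:04+00:00 web1 sshd[2105]: Accepted password for admin from 203.0.113.7 port 40104 ssh2
2024-05-01T10:05:00+00:00 web1 sshd[2201]: Failed password for alice from 198.51.100.20 port 50100 ssh2
2024-05-01T10:15:00+00:00 web1 sshd[2202]: Failed password for alice from 198.51.100.20 port 50101 ssh2
2024-05-01T10:15:20+00:00 web1 sshd[2203]: Accepted password for alice from 198.51.100.20 port 50102 ssh2
2024-05-01T10:20:00+00:00 web1 sshd[2301]: Failed password for invalid user test from 192.0.2.50 port 60100 ssh2
2024-05-01T10:20:01+00:00 web1 sshd[2302]: Failed password for root from 192.0.2.50 port 60101 ssh2
2024-05-01T10:20:02+00:00 web1 sshd[2303]: Failed password for invalid user oracle from 192.0.2.50 port 60102 ssh2
2024-05-01T10:20:03+00:00 web1 sshd[2304]: Failed password for invalid user guest from 192.0.2.50 port 60103 ssh2
"""

# Timestamp, result, target account and source address of a password login attempt.
EVENT = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def detect_bruteforce(log_text, threshold=4, window=60):
    """Return {ip: {"users", "success_after_burst"}} for every source address
    that reaches `threshold` failed logins within `window` seconds."""
    recent, users, alerts = defaultdict(deque), defaultdict(set), {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        if m["result"] == "Failed":
            users[ip].add(m["user"])          # one account vs. a user-list sweep
            q = recent[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window:
                q.popleft()                   # drop failures outside the window
            if len(q) >= threshold:
                alerts.setdefault(ip, {"users": users[ip], "success_after_burst": None})
        elif ip in alerts and alerts[ip]["success_after_burst"] is None:
            # A success from an already-flagged source: treat the account as compromised.
            alerts[ip]["success_after_burst"] = m["user"]
    return alerts
```

A source with a non-empty `success_after_burst` warrants immediate credential rotation and session review; a large `users` set with no success indicates a username sweep rather than guessing against one account.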

HISTORY

Medusa was developed by Joe Mondloch (JoMo-Kun) and first released around 2005. The name references the mythological creature with multiple snake heads, symbolizing the tool's ability to attack multiple targets simultaneously. It was designed as an alternative to Hydra, focusing on modularity and parallel testing capabilities. The project remains popular for network security assessments and penetration testing.

SEE ALSO

hydra(1), ncrack(1), john(1), hashcat(1)
