Medusa
Medusa is a fast, parallel, and modular login brute-forcer that targets services which allow remote authentication. It features thread-based parallel testing, flexible input options for targets, and a modular design for easy extension. Medusa supports multiple protocols, including SMB, HTTP, MS-SQL, SSH, and more.
Documentation: https://jmk-foofus.github.io/medusa/medusa.html
Installation
sudo apt install medusa
Example Usage
medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] [-C file] -M module [OPT]
Cheat Sheet
| Service/Protocol | Example Command |
|---|---|
| SSH | medusa -h 10.10.10.10 -u admin -P passwords.txt -M ssh |
| FTP | medusa -h 10.10.10.10 -U users.txt -P passwords.txt -M ftp -t 5 |
| RDP | medusa -h 10.10.10.10 -u admin -P passwords.txt -M rdp |
| HTTP GET | medusa -h 10.10.10.10 -U users.txt -P passwords.txt -M http |
Some Flags
| Flag | Description | Example |
|---|---|---|
| -O FILE | File to append log information to. | medusa -h 10.10.10.10 -u admin -P passwords.txt -M ssh -O log.txt |
| -e [n/s/ns] | Additional password checks: n for No Password, s for Password = Username, ns for both. | medusa -h 10.10.10.10 -u admin -P passwords.txt -M ssh -e ns |
| -n NUM | Use for non-default TCP port number. | medusa -h 10.10.10.10 -u admin -P passwords.txt -M ssh -n 2222 |
| -s | Enable SSL for secure connections. | medusa -h 10.10.10.10 -u admin -P passwords.txt -M ftp -s |
| -r NUM | Sleep NUM seconds between retry attempts (default is 3). | medusa -h 10.10.10.10 -u admin -P passwords.txt -M ssh -r 2 |
| -R NUM | Attempt NUM retries before giving up. | medusa -h 10.10.10.10 -u admin -P passwords.txt -M ssh -R 5 |
| -t NUM | Total number of logins to be tested concurrently. | medusa -h 10.10.10.10 -u admin -P passwords.txt -M ssh -t 10 |
| -T NUM | Total number of hosts to be tested concurrently. | medusa -h 10.10.10.10 -u admin -P passwords.txt -M ftp -T 20 |
| -L | Parallelize logins using one username per thread. The default is to finish processing one username entirely before moving to the next. | medusa -h 10.10.10.10 -u admin -P passwords.txt -M ssh -L |
| -f | Stop scanning host after first valid username/password pair is found. | medusa -h 10.10.10.10 -u admin -P passwords.txt -M ssh -f |
| -F | Stop after finding the first valid username/password pair across all hosts. | medusa -h 10.10.10.10 -u admin -P passwords.txt -M ssh -F |
| -b | Suppress startup banner. | medusa -h 10.10.10.10 -u admin -P passwords.txt -M ssh -b |
| -v NUM | Set verbose output level (0 - 6, where 6 is the most detailed). | medusa -h 10.10.10.10 -u admin -P passwords.txt -M ssh -v 3 |
| -w NUM | Set error debug level (0 - 10, where 10 is the most detailed). | medusa -h 10.10.10.10 -u admin -P passwords.txt -M ssh -w 5 |