Medusa is a powerful and flexible network security tool designed for brute-force attacks. It supports various protocols and offers extensive options for customization and efficiency. This section provides a guide to common Medusa commands and their usage.
To view all currently installed modules, use the -d flag:
medusa -dTo get specific options for a particular module, use the -M flag followed by the module name and the -q flag:
medusa -M [module_name] -qTest all passwords in a specified file against a target user on a host. This example demonstrates testing against SMB, SSH, MySQL, or HTTP services:
medusa -h 192.168.1.20 -u admin -P passwords.txt -M [smbnt | ssh | mssql | http]Medusa allows for concurrent attacks to speed up the brute-forcing process. The following command demonstrates brute-forcing 10 hosts and 5 users concurrently. Each of the 5 threads targets a host and checks a specific user:
medusa -H hosts.txt -U users.txt -P passwords.txt -T 10 -t 5 -L -F -M smbnt-T 10: Sets the maximum number of threads to 10.-t 5: Sets the number of parallel tasks per thread to 5.-L: Enables logging of all attempted credentials.-F: Forces Medusa to continue even if it encounters errors.
Medusa supports a "combo" file format where username, password, and host data can be combined. This simplifies the input for large-scale attacks.
The possible combinations within a combo file are:
host:username:passwordhost:username:host:::username:password:username:::passwordhost::password:id:lm:ntlm:::(for PwDump files)
To test each username/password entry from a combo file, use the -C flag:
medusa -M smbnt -C combo.txtFor further information on network security and brute-force techniques, consider exploring these resources: