Medusa

Speedy, parallel network login auditor

Description

Medusa is a fast, parallel, modular login brute-forcer that supports many services. It gets its speed from thread-based parallel testing.

Installation

```bash
# Debian/Ubuntu
sudo apt install medusa

# From source
git clone https://github.com/jmk-foofus/medusa.git
cd medusa && ./configure && make && sudo make install
```

Basic Usage

```bash
# SSH brute force
medusa -h target.com -u admin -P passwords.txt -M ssh

# FTP brute force
medusa -h target.com -U users.txt -P passwords.txt -M ftp
```

Advanced Usage

```bash
# Parallel threads (-t: number of logins tested concurrently)
medusa -h target.com -u admin -P passwords.txt -M ssh -t 10

# Multiple hosts
medusa -H hosts.txt -u admin -P passwords.txt -M ssh

# HTTP form (FORM-DATA takes "<method>?<fields>", username field first)
medusa -h target.com -u admin -P passwords.txt -M web-form -m FORM:"login.php" -m FORM-DATA:"post?user=&pass=" -m DENY-SIGNAL:"incorrect"

# Verbose output
medusa -h target.com -u admin -P passwords.txt -M ssh -v 4
```

Common Workflows

```bash
# Spray default credentials across network
medusa -H targets.txt -U users.txt -p "Password123" -M ssh -t 5

# SMB brute force
medusa -h target.com -u administrator -P passwords.txt -M smbnt
```
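
On the defending side, the single-account wordlist runs (`-u` with `-P`) and the fixed-password run over a user list (`-U` with `-p`) shown above leave different traces in sshd logs. The following is an added example, not part of the original page or the Medusa project, that separates the two over a constructed auth.log excerpt; the function name, thresholds and sample lines are assumptions.

```python
import re
from collections import defaultdict

# Constructed OpenSSH auth.log excerpt (documentation IP ranges, not real hosts).
SAMPLE_LOG = """\
Jan 10 03:12:01 web1 sshd[2101]: Failed password for admin from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:01 web1 sshd[2102]: Failed password for admin from 203.0.113.7 port 40114 ssh2
Jan 10 03:12:02 web1 sshd[2103]: Failed password for admin from 203.0.113.7 port 40116 ssh2
Jan 10 03:12:02 web1 sshd[2104]: Failed password for admin from 203.0.113.7 port 40118 ssh2
Jan 10 03:12:03 web1 sshd[2105]: Failed password for admin from 203.0.113.7 port 40120 ssh2
Jan 10 03:12:04 web1 sshd[2106]: Accepted password for admin from 203.0.113.7 port 40122 ssh2
Jan 10 04:30:10 web1 sshd[2210]: Failed password for root from 198.51.100.23 port 51200 ssh2
Jan 10 04:30:11 web1 sshd[2211]: Failed password for invalid user oracle from 198.51.100.23 port 51202 ssh2
Jan 10 04:30:12 web1 sshd[2212]: Failed password for deploy from 198.51.100.23 port 51204 ssh2
Jan 10 04:30:13 web1 sshd[2213]: Failed password for invalid user test from 198.51.100.23 port 51206 ssh2
Jan 10 09:00:00 web1 sshd[2300]: Failed password for alice from 192.0.2.50 port 60000 ssh2
Jan 10 09:00:09 web1 sshd[2301]: Accepted password for alice from 192.0.2.50 port 60002 ssh2
"""

EVENT = re.compile(r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
                   r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")

def classify_sources(log_text, min_failures=5, spray_users=4):
    """Map each noisy source IP to its guessing pattern and any login that followed."""
    failures = defaultdict(lambda: defaultdict(int))  # src -> user -> failed count
    accepted = defaultdict(set)                       # src -> users accepted after failures
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        src, user = m["src"], m["user"]
        if m["result"] == "Failed":
            failures[src][user] += 1
        elif src in failures:
            accepted[src].add(user)
    findings = {}
    for src, per_user in failures.items():
        if len(per_user) >= spray_users:
            pattern = "spray"        # many accounts, few tries each
        elif max(per_user.values()) >= min_failures:
            pattern = "brute-force"  # one account, many passwords
        else:
            continue                 # below both thresholds: likely a typo
        findings[src] = {"pattern": pattern, "failures": sum(per_user.values()),
                         "success_after_failures": sorted(accepted[src])}
    return findings

if __name__ == "__main__":
    print(classify_sources(SAMPLE_LOG))
```

A non-empty `success_after_failures` list is the finding to triage first, since it marks an accepted login from a source that had just been guessing. The excerpt is treated as a single window; a production rule would also bound the count by time.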