04 March 2009 | 19,401 views

Medusa v1.5 Released – Parallel, Modular Login Brute Forcing Tool

Check For Vulnerabilities with Acunetix

Finally an update to Medusa! Version 1.5 of Medusa is now available for public download. Medusa 1.4 was released quite some time back in November 2007 and before that Medusa 1.3 showed up November 2006.

You would have thought version 1.5 would have been released in November 2008! Looks like they missed by a few months.

What is Medusa?

Medusa is a speedy, massively parallel, modular, login brute-forcer for network services. Some of the key features of Medusa are:

  • Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
  • Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
  • Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.

It currently has modules for the following services:

  • AFP
  • CVS
  • FTP
  • HTTP
  • IMAP
  • MS-SQL
  • MySQL
  • NCP (NetWare)
  • NNTP
  • PcAnywhere
  • POP3
  • PostgreSQL
  • rexec
  • rlogin
  • rsh
  • SMB
  • SNMP
  • SSHv2
  • SVN
  • Telnet
  • VmAuthd
  • VNC

It also includes a basic web form module and a generic wrapper module for external scripts.

While Medusa was designed to serve the same purpose as THC-Hydra, there are several significant differences – you can see a brief comparison here.

It’s been over a year since version 1.4 was released and there has been a bunch of changes. This release includes multiple bug fixes, several new modules and additional module functionality. The following is a quick rundown on some of the new features, if you wish to see a detailed ChangeLog it’s here.

  • AFP – new module (still marked as unstable)
  • HTTP – digest auth support
  • IMAP – STARTTLS, NTLM support
  • SMBNT – LM, LMv2, NTLMv2 support
  • SMTP – NTLM support
  • TELNET – AS/400 (TN5250) support
  • misc. core and module bug fixes

You can download Medusa v1.5 here:


Or read more here.


Recent in Hacking Tools:
- CMSmap – Content Management System Security Scanner
- Windows Credentials Editor (WCE) – List, Add & Change Logon Sessions
- Droopescan – Plugin Based CMS Security Scanner

Related Posts:
- Medusa 2.0 Released – Parallel Network Login Brute Forcing Tool
- Medusa Fast Parallel Password Cracker 1.3 Released
- Medusa 1.4 – Parallel Password Cracker Released for Download

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,891,980 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,102,631 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 635,298 views

Low-cost VPS Hosting

4 Responses to “Medusa v1.5 Released – Parallel, Modular Login Brute Forcing Tool”

  1. hyperX 4 March 2009 at 9:00 am Permalink

    When I saw this post, I thought you’re talking about Warcraft 3, Dota. lol

  2. dblackshell 5 March 2009 at 6:51 pm Permalink

    @hyperX: lmao

  3. whitehat 6 March 2009 at 2:48 pm Permalink

    Does this release fix cygwin compatibility?

  4. arsehole 7 June 2009 at 3:20 am Permalink

    is this safe? i don’t want 900 infections spreading threw my net downloading this..