Medusa v1.5 Released – Parallel, Modular Login Brute Forcing Tool

Use Netsparker


Finally an update to Medusa! Version 1.5 of Medusa is now available for public download. Medusa 1.4 was released quite some time back in November 2007 and before that Medusa 1.3 showed up November 2006.

You would have thought version 1.5 would have been released in November 2008! Looks like they missed by a few months.

What is Medusa?

Medusa is a speedy, massively parallel, modular, login brute-forcer for network services. Some of the key features of Medusa are:

  • Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
  • Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
  • Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.

It currently has modules for the following services:

  • AFP
  • CVS
  • FTP
  • HTTP
  • IMAP
  • MS-SQL
  • MySQL
  • NCP (NetWare)
  • NNTP
  • PcAnywhere
  • POP3
  • PostgreSQL
  • rexec
  • rlogin
  • rsh
  • SMB
  • SMTP (AUTH/VRFY)
  • SNMP
  • SSHv2
  • SVN
  • Telnet
  • VmAuthd
  • VNC

It also includes a basic web form module and a generic wrapper module for external scripts.

While Medusa was designed to serve the same purpose as THC-Hydra, there are several significant differences – you can see a brief comparison here.

It’s been over a year since version 1.4 was released and there has been a bunch of changes. This release includes multiple bug fixes, several new modules and additional module functionality. The following is a quick rundown on some of the new features, if you wish to see a detailed ChangeLog it’s here.

  • AFP – new module (still marked as unstable)
  • HTTP – digest auth support
  • IMAP – STARTTLS, NTLM support
  • POP3 – STARTTLS, LOGIN, PLAIN, NTLM support
  • SMBNT – LM, LMv2, NTLMv2 support
  • SMTP – NTLM support
  • TELNET – AS/400 (TN5250) support
  • misc. core and module bug fixes

You can download Medusa v1.5 here:

medusa-1.5.tar.gz

Or read more here.

Posted in: Hacking Tools, Networking Hacking, Password Cracking

, , , , , ,


Latest Posts:


SCADA Hacking - Industrial Systems Woefully Insecure SCADA Hacking – Industrial Systems Woefully Insecure
airgeddon - Wireless Security Auditing Script airgeddon – Wireless Security Auditing Script
Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.
Acunetix v12 - Pause & Resume Acunetix v12 – More Comprehensive More Accurate & 2x Faster
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12 - more comprehensive, accurate & 2x faster.
CloudFrunt - Identify Misconfigured CloudFront Domains CloudFrunt – Identify Misconfigured CloudFront Domains
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions.
Airbash - Fully Automated WPA PSK Handshake Capture Script Airbash – Fully Automated WPA PSK Handshake Capture Script
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing, it is compatible with Bash and Android Shell.
XXEinjector - Automatic XXE Injection Tool For Exploitation XXEinjector – Automatic XXE Injection Tool For Exploitation
XXEinjector is an XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications.


4 Responses to Medusa v1.5 Released – Parallel, Modular Login Brute Forcing Tool

  1. hyperX March 4, 2009 at 9:00 am #

    When I saw this post, I thought you’re talking about Warcraft 3, Dota. lol

  2. dblackshell March 5, 2009 at 6:51 pm #

    @hyperX: lmao

  3. whitehat March 6, 2009 at 2:48 pm #

    Does this release fix cygwin compatibility?

  4. arsehole June 7, 2009 at 3:20 am #

    is this safe? i don’t want 900 infections spreading threw my net downloading this..