MEDUSA(1)                   General Commands Manual                  MEDUSA(1)

NAME
       MEDUSA - Parallel Network Login Auditor

SYNOPSIS
       medusa [-h host|-H file] [-u username|-U file] [-p password|-P file]
       [-C file] -M module [OPTIONS]

DESCRIPTION
       Medusa is intended to be a speedy, massively parallel, modular, login
       brute-forcer. The goal is to support as many services which allow
       remote authentication as possible. The author considers the following
       items to be some of the key features of this application:

       *Thread-based parallel testing. Brute-force testing can be performed
       against multiple hosts, users or passwords concurrently.

       *Flexible user input. Target information (host/user/password) can be
       specified in a variety of ways. For example, each item can be either a
       single entry or a file containing multiple entries. Additionally, a
       combination file format allows the user to refine their target listing.

       *Modular design. Each service module exists as an independent .mod
       file. This means that no modifications are necessary to the core
       application in order to extend the supported list of services for
       brute-forcing.

OPTIONS
       -h [TARGET]
              Target hostname or IP address.

       -H [FILE]
              Reads target specifications from the file specified rather than
              from the command line. The file should contain a list separated
              by newlines.

       -u [TARGET]
              Target username.

       -U [FILE]
              Reads target usernames from the file specified rather than from
              the command line. The file should contain a list separated by
              newlines.

       -p [TARGET]
              Target password.

       -P [FILE]
              Reads target passwords from the file specified rather than from
              the command line. The file should contain a list separated by
              newlines.

       -C [FILE]
              File containing combo entries. Combo files are colon separated
              and in the following format: host:user:password. If any of the
              three fields are left empty, the respective information should
              be provided either as a single global value or as a list in a
              file.

              The following combinations are possible in the combo file:

              1.) foo:bar:fud
              2.) foo:bar:
              3.) foo::
              4.) :bar:fud
              5.) :bar:
              6.) ::fud
              7.) foo::fud

              Medusa also supports using PwDump files as a combo file. The
              format of these files should be user:id:lm:ntlm:::. We look for
              ':::' at the end of the first line to determine if the file
              contains PwDump output.
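
The combo-file rules above, written out as a validator for checking a file before an audit. This is an added example, not Medusa's own parser: the function and class names are hypothetical, the sample data is constructed, and splitting on only the first two colons (so a password may contain ':') is an assumption the man page does not confirm.

```python
from typing import List, NamedTuple, Optional, Set, Union

class Combo(NamedTuple):          # one host:user:password line; None = field left empty
    host: Optional[str]
    user: Optional[str]
    password: Optional[str]

class PwDump(NamedTuple):         # one user:id:lm:ntlm::: line
    user: str
    rid: str
    lm: str
    ntlm: str

def is_pwdump(text: str) -> bool:
    """Man page rule: ':::' at the end of the first line marks PwDump output."""
    lines = text.splitlines()
    return bool(lines) and lines[0].endswith(":::")

def parse_combo_file(text: str) -> List[Union[Combo, PwDump]]:
    """Parse combo-file text; raise ValueError naming the first malformed line."""
    pwdump = is_pwdump(text)
    records: List[Union[Combo, PwDump]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if pwdump:
            parts = line.split(":")
            if len(parts) != 7 or any(parts[4:]):
                raise ValueError(f"line {lineno}: expected user:id:lm:ntlm:::")
            records.append(PwDump(*parts[:4]))
            continue
        # Assumption: only the first two colons separate fields, so a
        # password may itself contain ':'.
        parts = line.split(":", 2)
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected host:user:password")
        if not any(parts):  # '::' is not one of the seven listed forms
            raise ValueError(f"line {lineno}: all three fields are empty")
        records.append(Combo(*(p or None for p in parts)))
    return records

def required_globals(records) -> Set[str]:
    """Option pairs that must supply the fields left empty in the file."""
    flags = {"host": "-h/-H", "user": "-u/-U", "password": "-p/-P"}
    return {flags[f] for r in records if isinstance(r, Combo)
            for f in Combo._fields if getattr(r, f) is None}

# Constructed sample input (placeholders, not real hashes or hosts).
SAMPLE = "foo:bar:fud\nfoo:bar:\n:bar:fud\n"
SAMPLE_PWDUMP = "alice:1001:LMPLACEHOLDER:NTPLACEHOLDER:::\n"
```

The seven listed forms are exactly the non-empty subsets of the three fields, which is why a bare `::` line is rejected.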

       -O [FILE]
              File to append log information to. Medusa will log all account
              credentials found to be valid or that cause an unknown error. It
              will also log the start and stop times of an audit, along with
              the calling parameters.

       -e [n/s/ns]
              Additional password checks ([n] No Password, [s] Password =
              Username). If both options are being used, they should be
              specified together ("-e ns"). If only a single option is being
              called use either "-e n" or "-e s".

       -M [TEXT]
              Name of the module to execute (without the .mod extension).

       -m [TEXT]
              Parameter to pass to the module. This can be passed multiple
              times with a different parameter each time and they will all be
              sent to the module (i.e. -m Param1 -m Param2, etc.)

       -d     Dump all known modules.

       -n [NUM]
              Use for non-default TCP port number.

       -s     Enable SSL.

       -g [NUM]
              Give up after trying to connect for NUM seconds (default 3).

       -r [NUM]
              Sleep NUM seconds between retry attempts (default 3).

       -R [NUM]
              Attempt NUM retries before giving up. The total number of
              attempts will be NUM + 1.

       -t [NUM]
              Total number of logins to be tested concurrently. It should be
              noted that roughly t x T threads could be running at any one
              time. 381 appears to be the limit on my fairly boring Gentoo
              Linux host.

       -T [NUM]
              Total number of hosts to be tested concurrently.

       -L     Parallelize logins using one username per thread. The default is
              to process the entire username before proceeding.

       -f     Stop scanning host after first valid username/password found.

       -F     Stop audit after first valid username/password found on any
              host.

       -b     Suppress startup banner

       -q     Display module's usage information. This should be used in
              conjunction with the "-M" option. For example, "medusa -M smbnt
              -q".

       -v [NUM]
              Verbose level [0 - 6 (more)]. All messages at or below the
              specified level will be displayed. The default level is 5.

              The following is the breakdown of the verbose levels:

              0) EXIT APPLICATION
              1) MESSAGE WITHOUT TAG
              2) LOG MESSAGE WITHOUT TAG
              3) IMPORTANT MESSAGE
              4) ACCOUNT FOUND
              5) ACCOUNT CHECK
              6) GENERAL MESSAGE

       -w [NUM]
              Error debug level [0 - 10 (more)]. All messages at or below the
              specified level will be displayed. The default level is 5.

              The following is the breakdown of the error levels:

              0) FATAL
              1) ALERT
              2) CRITICAL
              3) ERROR
              4) WARNING
              5) NOTICE
              6) INFO
              7) DEBUG
              8) DEBUG - AUDIT
              9) DEBUG - SERVER
              10) DEBUG - MODULE

       -V     Display version

       JoMo-Kun <jmk@foofus.net> fizzgig <fizzgig@foofus.net>

       Found a bug? Feel free to send in a patch.

                                                                     MEDUSA(1)