1MEDUSA(1) General Commands Manual MEDUSA(1)
2
6 MEDUSA - Parallel Network Login Auditor
7
9 medusa [-h host|-H file] [-u username|-U file] [-p password|-P file]
10 [-C file] -M module [OPTIONS]
11
13 Medusa is intended to be a speedy, massively parallel, modular, login
14 brute-forcer. The goal is to support as many services which allow
15 remote authentication as possible. The author considers following items
16 to some of the key features of this application:
17 *Thread-based parallel testing. Brute-force testing can be performed
19 against multiple hosts, users or passwords concurrently.
20 *Flexible user input. Target information (host/user/password) can be
22 specified in a variety of ways. For example, each item can be either a
23 single entry or a file containing multiple entries. Additionally, a
24 combination file format allows the user to refine their target listing.
25 *Modular design. Each service module exists as an independent .mod
27 file. This means that no modifications are necessary to the core appli‐
28 cation in order when extending the supported list of services for
29 brute-forcing.
30
33 -h [TARGET]
34 Target hostname or IP address.
35 -H [FILE]
38 Reads target specifications from the file specified rather than
39 from the command line. The file should contain a list separated
40 by newlines.
41 -u [TARGET]
44 Target username.
45 -U [FILE]
48 Reads target usernames from the file specified rather than from
49 the command line. The file should contain a list separated by
50 newlines.
51 -p [TARGET]
54 Target password.
55 -P [FILE]
58 Reads target passwords from the file specified rather than from
59 the command line. The file should contain a list separated by
60 newlines.
61 -C [FILE]
64 File containing combo entries. Combo files are colon separated
65 and in the following format: host:user:password. If any of the
66 three fields are left empty, the respective information should
67 be provided either as a single global value or as a list in a
68 file.
69 The following combinations are possible in the combo file: 1.)
71 foo:bar:fud 2.) foo:bar: 3.) foo:: 4.) :bar:fud 5.) :bar: 6.)
72 ::fud 7.) foo::fud
73 Medusa also supports using PwDump files as a combo file. The
75 format of these files should be user:id:lm:ntlm:::. We look for
76 ':::' at the end of the first line to determine if the file con‐
77 tains PwDump output.
78 -O [FILE]
81 File to append log information to. Medusa will log all accounts
82 credentials found to be valid or cause an unknown error. It will
83 also log the start and stop times of an audit, along with the
84 calling parameters.
85 -e [n/s/ns]
88 Additional password checks ([n] No Password, [s] Password =
89 Username). If both options are being used, they should be speci‐
90 fied together ("-e ns"). If only a single option is being called
91 use either "-e n" or "-e s".
92 -M [TEXT]
95 Name of the module to execute (without the .mod extension).
96 -m [TEXT]
99 Parameter to pass to the module. This can be passed multiple
100 times with a different parameter each time and they will all be
101 sent to the module (i.e. -m Param1 -m Param2, etc.)
102 -d Dump all known modules.
105 -n [NUM]
108 Use for non-default TCP port number.
109 -s Enable SSL.
112 -g [NUM]
115 Give up after trying to connect for NUM seconds (default 3).
116 -r [NUM]
119 Sleep NUM seconds between retry attempts (default 3).
120 -R [NUM]
123 Attempt NUM retries before giving up. The total number of
124 attempts will be NUM + 1.
125 -t [NUM]
128 Total number of logins to be tested concurrently. It should be
129 noted that rougly t x T threads could be running at any one
130 time. 381 appears to be the limit on my fairly boring Gentoo
131 Linux host.
132 -T [NUM]
135 Total number of hosts to be tested concurrently.
136 -L Parallelize logins using one username per thread. The default is
139 to process the entire username before proceeding.
140 -f Stop scanning host after first valid username/password found.
143 -F Stop audit after first valid username/password found on any
146 host.
147 -b Suppress startup banner
150 -q Display module's usage information. This should be used in con‐
153 junction with the "-M" option. For example, "medusa -M smbnt
154 -q".
155 -v [NUM]
158 Verbose level [0 - 6 (more)]. All messages at or below the spec‐
159 ified level will be displayed. The default level is 5.
160 The following is the breakdown of the verbose levels: 0) EXIT
162 APPLICATION 1) MESSAGE WITHOUT TAG 2) LOG MESSAGE WITHOUT
163 TAG 3) IMPORTANT MESSAGE 4) ACCOUNT FOUND 5) ACCOUNT CHECK
164 6) GENERAL MESSAGE
165 -w [NUM]
168 Error debug level [0 - 10 (more)]. All messages at or below the
169 specified level will be displayed. The default level is 5.
170 The following is the breakdown of the error levels: 0) FATAL
172 1) ALERT 2) CRITICAL 3) ERROR 4) WARNING 5) NOTICE 6)
173 INFO 7) DEBUG 8) DEBUG - AUDIT 9) DEBUG - SERVER 10)
174 DEBUG - MODULE
175 -V Display version
178
181 JoMo-Kun <jmk@foofus.net> fizzgig <fizzgig@foofus.net>
182
184 Found a bug? Feel free to send in a patch.
185 MEDUSA(1)