2024-07-21 19:56:19 +10:00
|
|
|
# medusa
|
2020-03-10 16:26:16 +02:00
|
|
|
|
|
|
|
|
> A modular and parallel login brute-forcer for a variety of protocols.
|
2024-04-22 04:23:48 +10:00
|
|
|
> More information: <https://jmk-foofus.github.io/medusa/medusa.html>.
|
2020-03-10 16:26:16 +02:00
|
|
|
|
2024-07-21 19:56:19 +10:00
|
|
|
- List all installed modules:
|
|
|
|
|
|
|
|
|
|
`medusa -d`
|
|
|
|
|
|
|
|
|
|
- Show usage example of a specific module (use `medusa -d` for listing all installed modules):
|
|
|
|
|
|
|
|
|
|
`medusa -M {{ssh|http|web-form|postgres|ftp|mysql|...}} -q`
|
|
|
|
|
|
2020-03-10 16:26:16 +02:00
|
|
|
- Execute brute force against an FTP server using a file containing usernames and a file containing passwords:
|
|
|
|
|
|
|
|
|
|
`medusa -M ftp -h host -U {{path/to/username_file}} -P {{path/to/password_file}}`
|
|
|
|
|
|
2021-08-15 19:59:09 +02:00
|
|
|
- Execute a login attempt against an HTTP server using the username, password and user-agent specified:
|
2020-03-10 16:26:16 +02:00
|
|
|
|
|
|
|
|
`medusa -M HTTP -h host -u {{username}} -p {{password}} -m USER-AGENT:"{{Agent}}"`
|
|
|
|
|
|
2020-12-04 07:37:44 -05:00
|
|
|
- Execute a brute force against a MySQL server using a file containing usernames and a hash:
|
2020-03-10 16:26:16 +02:00
|
|
|
|
|
|
|
|
`medusa -M mysql -h host -U {{path/to/username_file}} -p {{hash}} -m PASS:HASH`
|
|
|
|
|
|
|
|
|
|
- Execute a brute force against a list of SMB servers using a username and a pwdump file:
|
|
|
|
|
|
|
|
|
|
`medusa -M smbnt -H {{path/to/hosts_file}} -C {{path/to/pwdump_file}} -u {{username}} -m PASS:HASH`
|
