HiveBrain v1.2.0
Get Started
← Back to all entries
snippetbashTip

medusa — A modular and parallel login brute-forcer for a variety of protocols. More information: <https://man

Submitted by: @import:tldr-pages··
0
Viewed 0 times
clitldrmedusacommand-line
commandloginandmedusaparallelmodularclibrute

Problem

How to use the medusa command: A modular and parallel login brute-forcer for a variety of protocols. More information: <https://manned.org/medusa>.

Solution

medusa — A modular and parallel login brute-forcer for a variety of protocols. More information: <https://manned.org/medusa>.

List all installed modules:
medusa -d


Show usage example of a specific module (use medusa -d for listing all installed modules):
medusa -M {{ssh|http|web-form|postgres|ftp|mysql|...}} -q


Execute brute force against an FTP server using a file containing usernames and a file containing passwords:
medusa -M ftp -h host -U {{path/to/username_file}} -P {{path/to/password_file}}


Execute a login attempt against an HTTP server using the username, password, and user-agent specified:
medusa -M HTTP -h host -u {{username}} -p {{password}} -m USER-AGENT:"{{Agent}}"


Execute a brute force against a MySQL server using a file containing usernames and a hash:
medusa -M mysql -h host -U {{path/to/username_file}} -p {{hash}} -m PASS:HASH


Execute a brute force against a list of SMB servers using a username and a pwdump file:
medusa -M smbnt -H {{path/to/hosts_file}} -C {{path/to/pwdump_file}} -u {{username}} -m PASS:HASH

Code Snippets

List all installed modules

medusa -d

Show usage example of a specific module (use `medusa -d` for listing all installed modules)

medusa -M {{ssh|http|web-form|postgres|ftp|mysql|...}} -q

Execute brute force against an FTP server using a file containing usernames and a file containing passwords

medusa -M ftp -h host -U {{path/to/username_file}} -P {{path/to/password_file}}

Execute a login attempt against an HTTP server using the username, password, and user-agent specified

medusa -M HTTP -h host -u {{username}} -p {{password}} -m USER-AGENT:"{{Agent}}"

Execute a brute force against a MySQL server using a file containing usernames and a hash

medusa -M mysql -h host -U {{path/to/username_file}} -p {{hash}} -m PASS:HASH

Context

tldr-pages: common/medusa

Revisions (0)

No revisions yet.