Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Medusa 1.5 Release

From: jmk <jmk () foofus net>
Date: Mon, 23 Feb 2009 10:34:59 -0600
Fellow Pen-testers:

Version 1.5 of Medusa is now available for public download.

What is Medusa? Medusa is a speedy, massively parallel, modular, login
brute-forcer for network services created by the geeks at Foofus.net. It
currently has modules for the following services: AFP, CVS, FTP, HTTP,
IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL,
rexec, rlogin, rsh, SMB, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN, Telnet,
VmAuthd, VNC. It also includes a basic web form module and a generic
wrapper module for external scripts.

While Medusa was designed to serve the same purpose as THC-Hydra, there
are several significant differences. For a brief comparison, see:

http://www.foofus.net/jmk/medusa/medusa-compare.html

It's been over a year since version 1.4 was released and there has been
a bunch of changes. This release includes multiple bug fixes, several
new modules and additional module functionality. The following is a
quick rundown on some of the new features. A somewhat detailed report is
available here: http://www.foofus.net/jmk/medusa/ChangeLog

* AFP - new module (still marked as unstable)
* HTTP - digest auth support
* IMAP - STARTTLS, NTLM support
* POP3 - STARTTLS, LOGIN, PLAIN, NTLM support
* SMBNT - LM, LMv2, NTLMv2 support
* SMTP - NTLM support
* TELNET - AS/400 (TN5250) support
* misc. core and module bug fixes

Finally, the main documentation and actual files are located here:

http://www.foofus.net/jmk/medusa/medusa.html
http://www.foofus.net/jmk/tools/medusa-1.5.tar.gz

Medusa was developed on Gentoo Linux and FreeBSD. Some limited testing
has been done on other platforms/distributions (OpenBSD, Debian, Ubuntu,
Darwin, Mac OS X, Solaris). If people wish to contribute patches to fix
portability issues, I'd be happy to accept them. There are probably lots
of bugs which have yet to surface. Please let me know if you encounter
issues, fix a bug or just find the application useful.

In order to better facilitate support for our applications (Medusa,
PwDump6/FgDump, etc.), we've setup an open mailing list. Please feel
free to join and post questions regarding issues or general use of these
tools.

http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net


Enjoy,
Joe

-- 
jmk <jmk () foofus net>
Foofus Networks
Previous By Date Next
Previous By Thread Next

Current thread: