Penetration Testing mailing list archives
Medusa 2.0 Release
From: jmk <jmk () foofus net>
Date: Tue, 16 Feb 2010 14:07:57 -0600
Fellow Pen-Testers: After what feels like an eternity (one year to the date since version 1.5), Medusa 2.0 is now available for public download. http://www.foofus.net/jmk/tools/medusa-2.0.tar.gz This release contains the most significant changes to the core of Medusa since its original release in 2005. We've moved to a "real" thread pool and modified how credential sets are selected. See the following for a more detailed list of changes: http://www.foofus.net/jmk/tmp/ChangeLog What is Medusa? Medusa is a speedy, massively parallel, modular, login brute-forcer for network services created by the geeks at Foofus.net. It currently has modules for the following services: AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL, rexec, rlogin, rsh, SMB, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN, Telnet, VmAuthd, VNC. It also includes a basic web form module and a generic wrapper module for external scripts. While Medusa was designed to serve the same purpose as THC-Hydra, there are several significant differences. For a brief comparison, see: http://www.foofus.net/jmk/medusa/medusa-compare.html Finally, the main documentation and actual files are located here: http://www.foofus.net/jmk/medusa/medusa.html http://www.foofus.net/jmk/tools/medusa-2.0.tar.gz Medusa was developed on Gentoo Linux and FreeBSD. Some limited testing has been done on other platforms/distributions (OpenBSD, Debian, Ubuntu, Darwin, Mac OS X, Solaris). If people wish to contribute patches to fix portability issues, I'd be happy to accept them. There are probably lots of bugs which have yet to surface. Please let me know if you encounter issues, fix a bug or just find the application useful. In order to better facilitate support for our applications (Medusa, PwDump6/FgDump, etc.), we've setup an open mailing list. Please feel free to join and post questions regarding issues or general use of these tools. http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net Enjoy, Joe -- jmk <jmk () foofus net> Foofus Networks ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Medusa 2.0 Release jmk (Feb 17)