# Medusa Fast, parallel, modular login brute-forcer. ## Installation ```bash sudo apt-get -y install medusa ``` *** ## Basic Syntax ```bash medusa [target_options] [credential_options] -M module [module_options] ``` *** ## Options Table | Option | Description | Example | | ----------- | ----------------------------------- | ----------------------------- | | `-h HOST` | Single target host | `medusa -h 192.168.1.10 ...` | | `-H FILE` | File with list of targets | `medusa -H targets.txt ...` | | `-u USER` | Single username | `medusa -u admin ...` | | `-U FILE` | File with list of usernames | `medusa -U users.txt ...` | | `-p PASS` | Single password | `medusa -p password123 ...` | | `-P FILE` | File with list of passwords | `medusa -P passwords.txt ...` | | `-M MODULE` | Module to use | `medusa -M ssh ...` | | `-m "OPTS"` | Module-specific options | `medusa -m "DIR:/admin" ...` | | `-t TASKS` | Parallel login attempts | `medusa -t 4 ...` | | `-f` | Stop after first valid login (host) | `medusa -f ...` | | `-F` | Stop after first valid login (any) | `medusa -F ...` | | `-n PORT` | Non-default port | `medusa -n 2222 ...` | | `-e ns` | Check empty/same-as-user passwords | `medusa -e ns ...` | | `-v LEVEL` | Verbose (0-6) | `medusa -v 4 ...` | *** ## Modules Table | Module | Service | Example | | ---------- | --------------- | ------------------------------------------------------------- | | `ssh` | SSH | `medusa -M ssh -h 192.168.1.100 -u root -P pass.txt` | | `ftp` | FTP | `medusa -M ftp -h 192.168.1.100 -u admin -P pass.txt` | | `http` | HTTP Basic Auth | `medusa -M http -h example.com -U users.txt -P pass.txt` | | `mysql` | MySQL | `medusa -M mysql -h 192.168.1.100 -u root -P pass.txt` | | `mssql` | MS SQL Server | `medusa -M mssql -h 192.168.1.100 -u sa -P pass.txt` | | `rdp` | Remote Desktop | `medusa -M rdp -h 192.168.1.100 -u admin -P pass.txt` | | `vnc` | VNC | `medusa -M vnc -h 192.168.1.100 -P pass.txt` | | `pop3` | POP3 Mail | `medusa -M pop3 -h mail.example.com -U users.txt -P pass.txt` | | `imap` | IMAP Mail | `medusa -M imap -h mail.example.com -U users.txt -P pass.txt` | | `smtp` | SMTP Mail | `medusa -M smtp -h mail.example.com -U users.txt -P pass.txt` | | `telnet` | Telnet | `medusa -M telnet -h 192.168.1.100 -u admin -P pass.txt` | | `web-form` | Web Login Forms | See below | *** ## SSH Brute Force ```bash medusa -h 192.168.1.100 -u root -P /usr/share/wordlists/rockyou.txt -M ssh -t 4 # With username list medusa -h 192.168.1.100 -U users.txt -P passwords.txt -M ssh ``` *** ## FTP Brute Force ```bash medusa -h 192.168.1.100 -u ftpuser -P passwords.txt -M ftp -t 5 # Local FTP (use 127.0.0.1 to force IPv4) medusa -h 127.0.0.1 -u ftpuser -P passwords.txt -M ftp ``` *** ## HTTP Basic Auth ```bash medusa -h www.example.com -U users.txt -P passwords.txt -M http -m GET ``` *** ## Web Form Brute Force ```bash medusa -h www.example.com -U users.txt -P passwords.txt -M web-form \ -m FORM:"username=^USER^&password=^PASS^:F=Invalid" ``` *** ## Multiple Targets ```bash medusa -H targets.txt -u admin -P passwords.txt -M ssh -t 4 ``` *** ## Check Empty/Default Passwords ```bash # -e n = try empty password # -e s = try password same as username # -e ns = try both medusa -h 192.168.1.100 -U users.txt -e ns -M ssh ``` *** ## Non-Standard Port ```bash medusa -h 192.168.1.100 -n 2222 -u root -P passwords.txt -M ssh ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://book.ice-wzl.xyz/tool-guides/medusa.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.