All posts by jmk

Medusa 2.2 is the first release in over three years. While there are no major changes to the core of the application, it does include many bug-fixes throughout the code base and numerous incremental improvements. The following significant module updates are also included:

HTTP. The module now supports NTLM2 session responses and allows for the inclusion of custom headers. In addition, it can report the target host’s default domain when using NTLM authentication.

RDP. This is a new module and uses the FreeRDP library to test RDP (Terminal Services) on Microsoft Windows 2008/7 and later hosts. It also supports pass-the-hash testing depending on the version of FreeRDP installed. It is recommended that if you are using the RDP module, it be built against a current version of FreeRDP. The FreeRDP-Nightly site provides binaries for several platforms and can be installed side-by-side with the released version. Medusa will detect and use the nightly version during its build process.

SMB. The module now includes a check of the ADMIN$ default share. The purpose of this is to test whether the valid credentials have administrative or user-level access to the host.

SMTP-VRFY. The module now supports EXPN and RCPT bruting.

SSH. The module should now be stable on OS X due to several bug fixes with thread safety.

Medusa is now hosted at GitHub –

See doc/medusa.html for Medusa documentation. For additional information:

Please feel free to send me questions, bug reports, or patches directly or through the foofus-tools mailing list.


I was informed last month of the release of the new “Faraday” penetration testing framework. A key feature of this framework is its ability to parse the output from various other security tools, including Foofus.Net’s Medusa! Here is the official release from the Infobyte folks:

We are happy to announce our first release of Faraday (beta), an open source collaborative Penetration Test IDE console that uses the same tools you use every day.

Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment

We built a plugin system, where all the I/O from the terminal gets interpreted, if we have a plugin for the command, the output is processed and added to a knowledge base in a transparent way.

Our idea was to build a tool that helps from the perspective of a pentester without changing the way you work, adding the support for multi user collaboration on security testing projects.

Developed with a specialized set of functionalities that help users improve their own work adding collaborative data sharing, indexation and analysis of the generated knowledge during the engagement of a security audit.

* +40 Plugins (Metasploit, Amap, Arachini, Dnsenum, Medusa, Nmap, Nessus, w3af, Zap and More!)
* Collaborative support
* Information Highlighting
* Knowledge Filtering
* Information Dashboard
* Conflict Detection
* Support for multiple Workspaces
* IntelliSense Support
* Easy Plugin Development
* XMLRPC, XML and Regex Parsers

Get it now:

#faraday-dev on

We hope you enjoy it!

Francisco Amato

Infobyte LLC.
2699 S. Bayshore Dr #300.
[33133], Miami, FL
Phone: +1 305 851 3373


Medusa 2.1 is now available for public download.

What is Medusa? Medusa is a speedy, massively parallel, modular, login brute-forcer for network services created by the geeks at It currently has modules for the following services: AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL, rexec, rlogin, rsh, SMB, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN, Telnet, VmAuthd, VNC. It also includes a basic web form module and a generic wrapper module for external scripts.

While Medusa was designed to serve the same purpose as THC-Hydra, there are several significant differences. For a brief comparison, see:

This release does not introduce any major changes to the core of the application, however, it does include two years worth of bug-fixes throughout the code base and numerous incremental improvements.




I’ve posted an updated version of my “Karma” patch for HostAP (hostap_0_7_2-775-g9fc6aa9). This patch adds Karma-style automatic probe response, in addition to PEAP/MSCHAPv2 authentication logging (think all-in-one FreeRadius-WPE). See the Wireless page for a link to the old Hostap 0.6.9 patch and the newer version.