Medusa 2.2 is the first release in over three years. While there are no major changes to the core of the application, it does include many bug-fixes throughout the code base and numerous incremental improvements. The following significant module updates are also included:
HTTP. The module now supports NTLM2 session responses and allows for the inclusion of custom headers. In addition, it can report the target host’s default domain when using NTLM authentication.
RDP. This is a new module and uses the FreeRDP library to test RDP (Terminal Services) on Microsoft Windows 2008/7 and later hosts. It also supports pass-the-hash testing depending on the version of FreeRDP installed. It is recommended that if you are using the RDP module, it be built against a current version of FreeRDP. The FreeRDP-Nightly site provides binaries for several platforms and can be installed side-by-side with the released version. Medusa will detect and use the nightly version during its build process.
SMB. The module now includes a check of the ADMIN$ default share. The purpose of this is to test whether the valid credentials have administrative or user-level access to the host.
SMTP-VRFY. The module now supports EXPN and RCPT bruting.
SSH. The module should now be stable on OS X due to several bug fixes with thread safety.
Medusa is now hosted at GitHub – https://github.com/jmk-foofus/medusa.
See doc/medusa.html for Medusa documentation. For additional information:
Please feel free to send me questions, bug reports, or patches directly or through the foofus-tools mailing list.