Medusa 2.2 is the first release in over three years. While there are no major changes to the core of the application, it does include many bug-fixes throughout the code base and numerous incremental improvements. The following significant module updates are also included: HTTP. The module now supports NTLM2 session responses and allows for the […]
Medusa 2.1.1 is now available for public download. http://www.foofus.net/jmk/tools/medusa-2.1.1.tar.gz This release contains several bug fixes and should also now compile with gcc 4.7.
Medusa 2.1 is now available for public download. http://www.foofus.net/jmk/tools/medusa-2.1.tar.gz What is Medusa? Medusa is a speedy, massively parallel, modular, login brute-forcer for network services created by the geeks at Foofus.net. It currently has modules for the following services: AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL, rexec, rlogin, rsh, SMB, […]
About Medusa Medusa is a speedy, parallel, and modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application: Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently. Flexible […]
After what feels like an eternity, Medusa 2.0 is now available for public download. http://www.foofus.net/jmk/tools/medusa-2.0.tar.gz This release contains the most significant changes to the core of Medusa since its original release in 2005. We’ve moved to a “real” thread pool and modified how credential sets are selected. See the following for a more detailed list of changes: http://www.foofus.net/jmk/medusa/ChangeLog […]
Fellow Pen-testers: Version 1.5 of Medusa is now available for public download. What is Medusa? Medusa is a speedy, massively parallel, modular, login brute-forcer for network services created by the geeks at Foofus.net. It currently has modules for the following services: AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL, rexec, […]
I was informed last month of the release of the new “Faraday” penetration testing framework. A key feature of this framework is its ability to parse the output from various other security tools, including Foofus.Net’s Medusa! Here is the official release from the Infobyte folks: We are happy to announce our first release of Faraday […]
This site exists to support the various tools and ideas that we’ve made public, along with aiding to fill our DefCon beer fund. Feel free to peruse our collection of Samba patches and miscellaneous hacks, Medusa and FgDump/PwDump documentation, among other random postings.
Passwords & Hashes I work a lot with hashes (i.e. one-way encrypted hashes of passwords). This work includes password hash extraction, cracking of the hashes, and using them as-is. The following is a brief overview of the code I’ve developed for this work and some of the tricks to using it. Hash Usage: Gathering The […]
Have a FgDump/PwDump or Medusa question? Join our mailing list and we’ll help you out. http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net