tldr/pages/linux/medusa.md

# Medusa

> A modular and parallel login brute-forcer for a variety of protocols.

- Execute brute force against an FTP server using a file containing usernames and a file containing passwords:

`medusa -M ftp -h host -U {{path/to/username_file}} -P {{path/to/password_file}}`

- Execute a login attempt against a HTTP server using the username, password and user-agent specified:

`medusa -M HTTP -h host -u {{username}} -p {{password}} -m USER-AGENT:"{{Agent}}"`

- Execute a brute force against a MySQL server using a file cointaining usernames and a hash:

`medusa -M mysql -h host -U {{path/to/username_file}} -p {{hash}} -m PASS:HASH`

- Execute a brute force against a list of SMB servers using a username and a pwdump file:

`medusa -M smbnt -H {{path/to/hosts_file}} -C {{path/to/pwdump_file}} -u {{username}} -m PASS:HASH`
medusa: add page (#3899) 2020-03-10 14:26:16 +00:00			`# Medusa`

			`> A modular and parallel login brute-forcer for a variety of protocols.`

			`- Execute brute force against an FTP server using a file containing usernames and a file containing passwords:`

			`medusa -M ftp -h host -U {{path/to/username_file}} -P {{path/to/password_file}}`

			`- Execute a login attempt against a HTTP server using the username, password and user-agent specified:`

			`medusa -M HTTP -h host -u {{username}} -p {{password}} -m USER-AGENT:"{{Agent}}"`

			`- Execute a brute force against a MySQL server using a file cointaining usernames and a hash:`

			`medusa -M mysql -h host -U {{path/to/username_file}} -p {{hash}} -m PASS:HASH`

			`- Execute a brute force against a list of SMB servers using a username and a pwdump file:`

			`medusa -M smbnt -H {{path/to/hosts_file}} -C {{path/to/pwdump_file}} -u {{username}} -m PASS:HASH`