Medusa Cheat Sheet
Fast, modular parallel login brute-forcer (Foofus Medusa).
Overview
Medusa brute-forces logins across modules (SSH, FTP, HTTP, SMB, MySQL, etc.) with high parallelism. Like Hydra, it performs live authentication attempts. Ethics: authorized lab and pentest scope only; respect lockout policies, logging, and legal boundaries. Unapproved spraying against corporate infrastructure is prohibited.
Install

sudo apt install medusa
medusa -h
medusa -d    # list modules

Essential commands

medusa -h 10.10.10.5 -u admin -P passwords.txt -M ssh
medusa -H hosts.txt -U users.txt -P pass.txt -M smbnt -T 10
medusa -h 10.10.10.20 -u admin -P pass.txt -M http -m DIR:/login -m FORM:"user=^USER^&pass=^PASS^" -m DENY-SIGNAL:"Invalid"

Common workflows

SSH

medusa -h 10.10.10.5 -U users.txt -P /usr/share/wordlists/rockyou.txt -M ssh -f
medusa -h target -u root -P pass.txt -M ssh -n 2222 -T 4

SMB (Windows)

medusa -h 10.10.10.5 -U users.txt -P passwords.txt -M smbnt -m PASS:DOMAIN
medusa -h 10.10.10.5 -u administrator -P pass.txt -M smbnt

FTP / MySQL

medusa -h 10.10.10.10 -u ftpuser -P pass.txt -M ftp
medusa -h 10.10.10.30 -u root -P pass.txt -M mysql

HTTP form

medusa -h 10.10.10.20 -u admin -P pass.txt -M http -m DIR:/auth/login -m FORM:"username=^USER^&password=^PASS^" -m DENY-SIGNAL:"failed"

Flags reference
| Flag | Meaning |
|---|---|
| -h | Target host |
| -H | File of target hosts |
| -u / -U | Username / file of usernames |
| -p / -P | Password / file of passwords |
| -M | Module name |
| -m | Module-specific option (repeatable) |
| -T | Threads |
| -f | Stop after the first valid login |
| -n | Port |
| -O | Output (log) file |
Tips
- Ethics: keep -T low against domain controllers; coordinate with the blue team during exercises.
- Run medusa -d for all module details and medusa -M ssh -q for a single module's options.
- Prefer small, targeted wordlists built with cewl over the full rockyou list for HTTP targets.
- Medusa and Hydra overlap—pick one stack per engagement for consistent logging.
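From the blue-team side of the tips above, an added example (not from this cheat sheet or the Medusa project) of the detection a threaded SSH run with a user list leaves in OpenSSH logs: it parses constructed auth.log lines, counts failed passwords per source address in a sliding window, and separates one account being hammered from a user spray. Host names, addresses and the sample log are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# OpenSSH failure line in default syslog format; "invalid user" is what a
# -U users.txt run produces for every account that does not exist.
FAILED_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
                       r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

# Constructed sample auth.log (not real traffic): one source hammering "admin",
# one cycling a short user list the way -U does, one stray failure, one success.
USERS = ["root", "admin", "test", "guest", "oracle"]
SAMPLE_LOG = [
    f"Mar 12 10:15:{s:02d} bastion sshd[4{s:02d}]: Failed password for admin "
    f"from 192.0.2.50 port 5{s:02d}00 ssh2" for s in range(0, 24, 2)
] + [
    f"Mar 12 10:16:{i:02d} bastion sshd[5{i:02d}]: Failed password for invalid "
    f"user {USERS[i % 5]} from 192.0.2.77 port 4{i:02d}00 ssh2" for i in range(10)
] + [
    "Mar 12 10:16:30 bastion sshd[5999]: Failed password for bob from 198.51.100.9 port 40111 ssh2",
    "Mar 12 10:16:31 bastion sshd[6000]: Accepted publickey for deploy from 198.51.100.10 port 40222 ssh2",
]

def parse_failures(lines, year=2024):
    """Return (timestamp, source_ip, username) per failed-password line; syslog carries no year."""
    events = []
    for m in filter(None, map(FAILED_RE.match, lines)):
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events

def detect_bruteforce(lines, threshold=10, window_seconds=60):
    """Flag sources with >= threshold failures inside any window_seconds span."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(lines):
        by_ip[ip].append((ts, user))
    alerts = {}
    for ip, ev in by_ip.items():
        ev.sort()
        best, best_users, start = 0, set(), 0
        for end in range(len(ev)):  # sliding window over time-ordered failures
            while (ev[end][0] - ev[start][0]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 > best:
                best, best_users = end - start + 1, {u for _, u in ev[start:end + 1]}
        if best >= threshold:  # many distinct users from one source is the spray signature
            alerts[ip] = {"failures": best, "distinct_users": len(best_users),
                          "pattern": "spray" if len(best_users) > 1 else "single-user"}
    return alerts
```

Tune threshold and window_seconds to the target's lockout policy so the alert fires before accounts start locking rather than after.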