Medusa - Network Login Cracker Tool

Posted by Deepanker Verma Wednesday, January 16, 2013 0 comments

Medusa is a fast login brute forcer tool. It is speedy, massively parallel and modular tool ans supports many network protocol. Medusa supports AFP, CVS, FTP, HTTP, IMAP, rlogin, SSH, Subversion, and VNC.

 Here are some of the reasons to use Medusa Login cracker

  1. Application stability: Maybe I'm just lame, but Hydra frequently crashed on me. I was no longer confident that Hydra was actually doing what it claimed to be. Rather than fix Hydra, I decided to create my own buggy application which could crash in new and exciting ways.
  2. Code organization: A while back I added several features to Hydra (parallel host scanning, SMBNT module). Retro-fitting the parallel host code to Hydra was a serious pain. This was mainly due to my coding ignorance, but was probably also due to Hydra not being designed from the ground-up to support this. Medusa was designed from the start to support parallel testing of hosts, users and passwords.
  3. Speed. Hydra accomplishes its parallel testing by forking off a new process for each host and instance of the service being tested: When testing many hosts/users at once this creates a large amount of overhead as user/password lists must be duplicated for each forked process. Medusa is pthread-based and does not unnecessarily duplicate information.
  4. Education: I am not an experienced C programmer, nor do I consider myself an expert in multi-threaded programming. Writing this application was a training exercise for me. Hopefully, the results of it will be useful for others.

0 comments:

Post a Comment

Blog Archive