[foofus-tools] Medusa 2.2 Release Candidate

jmk jmk at foofus.net
Thu May 28 09:18:58 PDT 2015

Medusa Users,

I'm happy to announce that Medusa 2.2 (Release Candidate 1) has been
published. The source code, and releases, are now available on GitHub:


Medusa 2.2 will be the first release in over three years. While there
are no major changes to the core of the application, it does include
many bug-fixes throughout the code base and numerous incremental
improvements. The following significant module updates are also

HTTP. The module now supports NTLM2 session responses and allows for the
inclusion of custom headers. In addition, it can report the target
host's default domain when using NTLM authentication.

RDP. This is a new module and uses the FreeRDP library to test RDP
(Terminal Services) on Microsoft Windows 2008/7 and later hosts. It also
supports pass-the-hash testing depending on the version of FreeRDP

SMB. The module now includes a check of the ADMIN$ default share. The
purpose of this is to test whether the valid credentials have
administrative or user-level access to the host.

SMTP-VRFY. The module now supports EXPN and RCPT bruting.

SSH. The module should now be stable on OS X due to several bug fixes
with thread safety.

I'm targeting to release the final version within the next month or so.
Please let me know if there are any issues with this release candidate
and I'll work to address them in the final version.


More information about the foofus-tools mailing list