[foofus-tools] Medusa 2.2 Release

Tue Nov 24 12:13:39 PST 2015

Medusa Users,

I'm happy to announce that Medusa 2.2 has been published. The source code,
and releases, are now available on GitHub:

https://github.com/jmk-foofus/medusa/releases

---

Medusa 2.2 is the first release in over three years. While there are no
major changes to the core of the application, it does include many bug-fixes
throughout the code base and numerous incremental improvements. The
following significant module updates are also included:

HTTP. The module now supports NTLM2 session responses and allows for the
inclusion of custom headers. In addition, it can report the target host's
default domain when using NTLM authentication.

RDP. This is a new module and uses the FreeRDP library to test RDP (Terminal
Services) on Microsoft Windows 2008/7 and later hosts. It also supports
pass-the-hash testing depending on the version of FreeRDP installed. It is
recommended that if you are using the RDP module, it be built against a
current version of FreeRDP. The FreeRDP-Nightly site provides binaries for
several platforms and can be installed side-by-side with the released
version. Medusa will detect and use the nightly version during its build
process.

SMB. The module now includes a check of the ADMIN$ default share. The
purpose of this is to test whether the valid credentials have administrative
or user-level access to the host.

SMTP-VRFY. The module now supports EXPN and RCPT bruting.

SSH. The module should now be stable on OS X due to several bug fixes with
thread safety.

See doc/medusa.html for Medusa documentation. For additional information:

http://foofus.net/?page_id=51

http://foofus.net/goons/jmk/medusa/medusa.html

Please feel free to send me questions, bug reports, or patches directly or
through the foofus-tools mailing list.

---

Enjoy,

Joe

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.foofus.net/pipermail/foofus-tools-foofus.net/attachments/20151124/5c010c7c/attachment.htm>