Medusa Parallel Network Login Auditor :: SSH

JoMo-Kun / jmk "AT" foofus "DOT" net

The SSH module tests accounts against SSH service using SSH version 2. The module currently supports brute-forcing SSH Keyboard-interactive and Password authentication modes.

This module requires libssh2 ( This is NOT the same as libssh ( It should be noted that the libssh2 library, and therefor, the Medusa SSH module only supports brute-forcing servers which can talk SSH version 2. Libssh2 does not have support for v1 and it looks likely that it never will.

The module has a single option, BANNER. If it's not obvious, this allows you to set the client banner sent during an authentication test. The default value is "SSH-2.0-MEDUSA".

Some notes regarding libssh2... Using the stock libssh2 library, it is likely that the user will encounter hung module threads when running Medusa. This problem is due to libssh2's libssh2_session_startup() not always returning. The cause of this hang within libssh2, I believe, stems from the SSH servers being tested getting pissed and not sending back a banner. The default behavior for OpenSSH is to allow only 10 unauthenticated connections and ignore everything else. While we weren't always running 10 threads in our tests, our threads may have been hitting it faster than it could clean up the previous connections...

This issue has been dealt with in two ways:

** As of libssh2 0.18 (devel), this issue appears to be resolved. **

It should be noted that while you can run many threads of SSH, more is not always better. As you increase past 10, you will notice the module having to retry the startup() function.

Medusa Documentation