Medusa Parallel Network Login Auditor :: Feature Comparison

JoMo-Kun / jmk "AT" foofus "DOT" net

Note: Information contained on this page for Hydra and Ncrack is based on each tool's own documentation. No confirmation of supported services has been performed.

Area Feature Medusa 2.2 Hydra 7.1 Ncrack 0.4ALPHA

* License GPL-2 GPL-3 GPL-2

Core Parallel Method pthread fork()

Service Design Modular Built-in

Speed (several comparisons are included below) ? ? ?

Generic Wrapper Module √

AFP √ √

CVS √ √

FTP FTP √ √ √

Explicit FTPS (AUTH TLS Mode as defined in RFC 4217) √ √ √

Implicit FTPS (FTP over SSL (990/tcp) √ √ √

HTTP Basic Auth √ √ √

NTLM Auth (Windows Integrated) √ √

Digest Authentication MD5, MD5-sess MD5

HTTP Proxy √

ICQ √

IMAP Method LOGIN Support √ √

Method AUTH-PLAIN Support √ √

Method AUTH-NTLM Support √ √

SSL Support IMAPS, STARTTLS IMAPS, STARTTLS

LDAP √

Microsoft SQL Port Auto-Detection √

MS-SQL √ √

MySQL Pre-4.1 Authentication √ √

Pre-4.1 Hash Passing √

4.1+ Authentication √ √

NCP (NetWare) √ (ncpfs) √ (ncpfs)

NNTP √ (Original AUTHINFO) √ (Original AUTHINFO)

Oracle Database √ (via Wrapper script)

Listener

SID √

PcAnywhere Supported Encryption Level None None

Supported Authenication Mode(s) Native PCA, ADS, NT, Windows Native PCA

PCNFS √

POP3 Method AUTH-USER Support √ √ √

Method AUTH-LOGIN Support √ √

Method AUTH-PLAIN Support √ √

Method AUTH-NTLM Support √ √

SSL Support POP3S, STARTTLS POP3S POP3S, STARTTLS

PostgreSQL √ √

RDP (Terminal Server) √ √ √

Pass the Hash Support √

REXEC √ √

RLOGIN .rhost Support √

Password Support √ √

RSH √ √

SAPR3 √

SIP √

SMB (Microsoft Windows/Samba) Authentication Modes clear-text, LMv1, NTLMv1, LMv2, NTLMv2 clear-text, LMv1, NTLMv1, LMv2, NTLMv2 Unknown

Hash Passing √ √

Access Detection (ADMIN$) √

SMTP Method AUTH-LOGIN Support √ √

Method AUTH-PLAIN Support √ √

Method AUTH-NTLM Support √ √

SSL Support STARTTLS STARTTLS

VRFY √ √

EXPN √

RCPT TO √

SNMP √ (significantly faster design) √ (overwrites sysName with "HYDRA")

SOCKS5 √

SSHv2 √ (libssh2) √ (libssh) √

SVN √ √

TeamSpeak √

Telnet Generic Telnet √ √ √
Cisco (AAA/non-AAA) √ √ √

Cisco enable password √

AS/400 (TN5250) Support √

VNC Password-less/Password-only Support √ √

Anti-Brute Force Slowdown Support √

Username/Password Support √

VmWare Authentication Daemon Non-SSL Authentication √ √

SSL Authentication √

Web Form Module √ √

Speed comparison: password list of 20 entries (valid entry at #20)
FTP / Ubuntu 11.10 vsftp 2.3.2
        [1 task]    [4 tasks]    [16 tasks] 
Medusa  1:03.53     15.727         7.658     (e.g., -t 16)
Hydra     57.527    16.545         8.013     (e.g., -t 16)
Ncrack  1:00.01     24.017        15.009     (e.g., -g cl=16,CL=16)

Speed comparison: password list of 1003 entries (valid entry at #1000)
HTTP / Windows 2008 IIS 7.0
        [1 task]    [4 tasks]    [16 tasks] 
Medusa  1.390       0.803        0.626       (e.g., -v 4 -t 16)
Hydra   1.443       0.855        0.790       (e.g., -t 16)
Ncrack  3.108       3.016        3.013       (e.g., -g cl=16,CL=16)

Speed comparison: password list of 1003 entries (valid entry at #986)
SMB / Windows 2008 
        [1 task]    [4 tasks]    [16 tasks] 
Medusa  6.859       0.919        0.500       (e.g., -v 4 -t 16)
Hydra   8.216                                (doesn't handle parallel connections)
Ncrack                                       (failed to auth to test server) 

Speed comparison: password list of 10 entries (valid entry at #10)
SSH Ubuntu 11.10 OpenSSH 5.8p1
        [1 task]    [4 tasks]    [16 tasks] 
Medusa  38.039      11.943       8.067       (e.g., -v 4 -t 16)
Hydra   32.122      12.208       8.457       (e.g., -t 16)
Ncrack  30.023      27.012       24.013      (e.g., -g cl=16,CL=16)

Medusa Documentation

Area	Feature	Medusa 2.2	Hydra 7.1	Ncrack 0.4ALPHA
*	License	GPL-2	GPL-3	GPL-2
Core	Parallel Method	pthread	fork()
	Service Design	Modular	Built-in
	Speed (several comparisons are included below)	?	?	?
Generic Wrapper Module		√
AFP		√	√
CVS		√	√
FTP	FTP	√	√	√
	Explicit FTPS (AUTH TLS Mode as defined in RFC 4217)	√	√	√
	Implicit FTPS (FTP over SSL (990/tcp)	√	√	√
HTTP	Basic Auth	√	√	√
	NTLM Auth (Windows Integrated)	√	√
	Digest Authentication	MD5, MD5-sess	MD5
HTTP Proxy			√
ICQ			√
IMAP	Method LOGIN Support	√	√
	Method AUTH-PLAIN Support	√	√
	Method AUTH-NTLM Support	√	√
	SSL Support	IMAPS, STARTTLS	IMAPS, STARTTLS
LDAP			√
Microsoft SQL	Port Auto-Detection	√
Microsoft SQL	MS-SQL	√	√
MySQL	Pre-4.1 Authentication	√	√
	Pre-4.1 Hash Passing	√
	4.1+ Authentication	√	√
NCP (NetWare)		√ (ncpfs)	√ (ncpfs)
NNTP		√ (Original AUTHINFO)	√ (Original AUTHINFO)
Oracle	Database	√ (via Wrapper script)
	Listener
	SID		√
PcAnywhere	Supported Encryption Level	None	None
PcAnywhere	Supported Authenication Mode(s)	Native PCA, ADS, NT, Windows	Native PCA
PCNFS			√
POP3	Method AUTH-USER Support	√	√	√
	Method AUTH-LOGIN Support	√	√
	Method AUTH-PLAIN Support	√	√
	Method AUTH-NTLM Support	√	√
	SSL Support	POP3S, STARTTLS	POP3S	POP3S, STARTTLS
PostgreSQL		√	√
RDP (Terminal Server)		√	√	√
RDP (Terminal Server)	Pass the Hash Support	√
REXEC		√	√
RLOGIN	.rhost Support	√
RLOGIN	Password Support	√	√
RSH		√	√
SAPR3			√
SIP			√
SMB (Microsoft Windows/Samba)	Authentication Modes	clear-text, LMv1, NTLMv1, LMv2, NTLMv2	clear-text, LMv1, NTLMv1, LMv2, NTLMv2	Unknown
	Hash Passing	√	√
	Access Detection (ADMIN$)	√
SMTP	Method AUTH-LOGIN Support	√	√
	Method AUTH-PLAIN Support	√	√
	Method AUTH-NTLM Support	√	√
	SSL Support	STARTTLS	STARTTLS
	VRFY	√	√
	EXPN	√
	RCPT TO	√
SNMP		√ (significantly faster design)	√ (overwrites sysName with "HYDRA")
SOCKS5			√
SSHv2		√ (libssh2)	√ (libssh)	√
SVN		√	√
TeamSpeak			√
Telnet	Generic Telnet	√	√	√
	Cisco (AAA/non-AAA)	√	√	√
	Cisco enable password		√
	AS/400 (TN5250) Support	√
VNC	Password-less/Password-only Support	√	√
	Anti-Brute Force Slowdown Support	√
	Username/Password Support	√
VmWare Authentication Daemon	Non-SSL Authentication	√	√
VmWare Authentication Daemon	SSL Authentication	√
Web Form Module		√	√