Posts Tagged ‘brute force’

Medusa ‘combo’ word lists (default usernames and passwords) for SSH and Telnet services

August 16, 2014 Leave a comment is a useful resource that contains the default credentials for various devices.

I wrote a script that crawls, parses and extracts the credentials from and outputs them into the “combo” format as required by medusa. Medusa is a brute force tool for numerous services like MySQL, SMB, SSH, Telnet and etc.

Currently, only ssh and telnet related credentials are extracted from

You can download the “combo” word lists for ssh and telnet via the direct links below.

SSH combo list for Medusa

Telnet combo list for Medusa

Combined users.txt and passwords.txt that you can use with Patator ( which is another awesome brute force tool.

Sample command for medusa “combo” SSH attack.
medusa -M ssh -C wordList_ssh.txt -H port22.txt

If you would like to play around with the python script, you can download the file at the below location.


Patator is another awesome tool that you can use for brute forcing SSH logins

Sample command for patator SSH attack ssh_login host= user=FILE0 password=FILE1 0=users.txt 1=passwords.txt -x ignore:mesg=’Authentication failed.’


Special shoutout to for maintaining and providing the extensive database of default credentials at


Get every new post delivered to your Inbox.