Future Plans: *Pool-based thread handling Threads are currently destroyed following the completion of a host or user test. Implementing a thread pool would likely decrease overall application overhead. *Add support for modules to request either the next password or user Currently, modules call getNextPass() which returns a valid password pointer until the user being tested password list has been exhausted. Once a user is done being tested, the testing thread is destroyed and a new thread is created for the next user. This should probably be reworked to allow the module to switch users mid-brute force. *Ability to save state Medusa does not have the ability to stop or pause audits and later resume. This may be useful. *Account lockout Microsoft SMB services can often be queried for the account lockout policy or how many attempts are remaining on an account before it is locked. Medusa should be able to auto-detect these values and tested up to the lockout threshold. Bugs: Failed attempts could result in missed password attempts. Login modules have no method of notifying the server thread that an assigned password was not checked. Example issue: User kicks off 10 threads against a MS-SQL Developer Edition server. MSDE's workload governor limits the service to no more than 5 concurrent connections. The result is 5 threads will fail to connect and shutdown. Medusa will continue testing with the remaining 5 threads. However, the 5 passwords initially assigned to those failed threads will not be tested. Not sure how to deal with this situation yet... SSH module may hang when connecting to protocol versions < 2 (e.g. Cisco PIX). This appears to be a bug in libssh2. Planning to dig into it in the near future... (10/01/07 - Issue addressed in newer versions of libssh2 (0.17))