
Security

Melvin PETIT edited this page Jun 17, 2026 · 1 revision


Medusa deploys powerful offensive and defensive tooling. Treat every deployment as sensitive.

What Medusa does for you

  • Random passwords. Where Medusa generates a credential, it uses openssl rand (24 alphanumeric characters by default) rather than a hardcoded value.
  • Restricted credential files. Each credentials.txt is written with chmod 600 (owner read/write only).
  • Git hygiene. medusa_deployments/ is git-ignored and must never be committed: it holds the generated secrets.
  • Root warning. Running Medusa as root prints a warning before continuing.
  • No telemetry. Medusa makes no network calls of its own beyond cloning upstream repositories and downloading the CLI installers you explicitly trigger.
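The first two bullets describe a small procedure: draw a credential from openssl's CSPRNG, then write it so that only the owner can read the file. The POSIX sh below is an added example written for this page, not Medusa's own script; the function names (gen_password, write_credentials, file_mode) and the fallback to /dev/urandom when openssl is absent are assumptions. It also closes a gap a practitioner would check for: the file is created under umask 077 so it is never world-readable even for an instant, and chmod 600 is still applied afterwards in case the file already existed with looser permissions.

```shell
#!/bin/sh
# Added example, not Medusa's code: generate a credential and store it
# with owner-only permissions, the way the Security page describes.

# Print N alphanumeric characters (default 24) drawn from openssl rand.
# base64 output contains '+', '/' and '=', so those are stripped and more
# bytes are requested until enough [A-Za-z0-9] characters are collected.
# Assumption: falls back to /dev/urandom if openssl is not installed.
gen_password() {
    n="${1:-24}"
    out=""
    while [ "${#out}" -lt "$n" ]; do
        if command -v openssl >/dev/null 2>&1; then
            chunk=$(openssl rand -base64 48 | tr -dc 'A-Za-z0-9')
        else
            chunk=$(head -c 48 /dev/urandom | tr -dc 'A-Za-z0-9')
        fi
        out="${out}${chunk}"
    done
    printf '%s' "$out" | cut -c1-"$n"
}

# Write username/password to FILE with mode 600.
# umask 077 inside a subshell makes the file owner-only at creation time
# (no window where it is world-readable); chmod 600 afterwards also covers
# the case where FILE already existed with looser permissions.
write_credentials() {
    file="$1"; user="$2"; pass="$3"
    ( umask 077 && printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$file" )
    chmod 600 "$file"
}

# Octal permission bits of a file: GNU stat first, BSD/macOS stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Stand-alone demo: generate a password, store it, show the resulting mode.
demo_file=$(mktemp)
write_credentials "$demo_file" admin "$(gen_password 24)"
echo "wrote $demo_file with mode $(file_mode "$demo_file")"
rm -f "$demo_file"
```

An audit of an existing deployment is the same check in reverse: run file_mode over every credentials.txt under medusa_deployments/ and flag anything that is not 600.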

What you must do

  • Rotate upstream defaults immediately. Some tools ship fixed default credentials that Medusa cannot change for you:
    • Wazuh — admin / SecretPassword
    • MISP — admin@admin.test / admin
    • Eramba — admin@eramba.org / admin
    • Greenbone/OpenVAS — admin / admin
  • Do not expose tools to untrusted networks. Default port bindings publish on the host. Front them with a firewall, VPN or reverse proxy with TLS if reachable beyond localhost.
  • Treat Vault dev mode as disposable. Vault is deployed with in-memory storage and a predictable root token, suitable for demos and labs only. Never store production secrets in it.
  • Review CLI installers. trivy and teleport are installed by downloading the vendor's official install.sh and executing it. This matches upstream guidance but is, by nature, trust-on-first-use. Inspect the installer if your threat model requires it.

Image pinning

Docker images are pinned to specific versions for reproducibility (e.g. vault:1.21.4, owasp-zap:2.17.0, falco:0.44.1, suricata:8.0.5, gophish:0.12.1, simplerisk:20260519-001). The Greenbone/OpenVAS stack is the deliberate exception: its feed data images track latest and its services track stable, the upstream-recommended community configuration. Pinning the feed images would freeze the vulnerability database.
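Two of the items above, the port bindings in "What you must do" and the image pinning policy, can both be checked mechanically from a compose file. The sh below is an added example for this page, not a Medusa script: find_public_ports lists short-syntax port mappings that publish on every host interface (no host IP, or 0.0.0.0), and find_unpinned_images lists image references with no tag or with the latest tag. The compose document in sample_compose is constructed for the demo; its service and image names are illustrative, not Medusa's real compose files, and the checks only understand the short "host:container" port syntax, not the long form or port ranges.

```shell
#!/bin/sh
# Added example, not Medusa's code: audit a compose file for port mappings
# reachable beyond localhost and for images that are not pinned.

# Constructed sample compose file (illustrative, not Medusa's real config).
sample_compose() {
    cat <<'EOF'
services:
  vault:
    image: vault:1.21.4
    ports:
      - "127.0.0.1:8200:8200"
  zap:
    image: owasp-zap:2.17.0
    ports:
      - "8080:8080"
  feed:
    image: greenbone-feed:latest
    ports:
      - "0.0.0.0:5601:5601"
  gophish:
    image: gophish
EOF
}

# Read compose YAML on stdin; print short-syntax port mappings that bind on
# all host interfaces. "8080:8080" and "0.0.0.0:8080:8080" are reported;
# "127.0.0.1:8080:8080" is the corrected form and is not.
find_public_ports() {
    sed -e 's/^[[:space:]]*-[[:space:]]*//' -e 's/["'"'"']//g' \
    | grep -E '^[0-9.]*:?[0-9]+:[0-9]+(/(tcp|udp))?$|^[0-9]+(/(tcp|udp))?$' \
    | grep -Ev '^(127\.[0-9.]+|::1|localhost):'
}

# Read compose YAML on stdin; print image references that are unpinned:
# no tag at all, or the "latest" tag. References pinned by digest (@sha256:...)
# are treated as pinned. The greenbone feed images are a deliberate exception
# on this page, so review the output rather than failing on it blindly.
find_unpinned_images() {
    grep -E '^[[:space:]]*image:' \
    | sed -e 's/^[[:space:]]*image:[[:space:]]*//' -e 's/["'"'"']//g' \
    | awk -F'/' '{
        if (index($0, "@")) next;          # digest-pinned
        n = split($NF, p, ":");            # last path component: name[:tag]
        if (n < 2 || p[2] == "latest") print $0
    }'
}

# Stand-alone demo over the constructed sample.
echo "published on all interfaces:"
sample_compose | find_public_ports
echo "unpinned images:"
sample_compose | find_unpinned_images
```

To run it against a real deployment, replace sample_compose with `cat docker-compose.yml` (or `docker compose config`, which also resolves the long port syntax into a form you can extend the regex for).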

Reporting a vulnerability

Do not open a public issue for security problems in Medusa itself. Follow the security policy.

