/HashCrack

Hash Crack is a Python-based tool designed for cracking password hashes. It supports simultaneous cracking of multiple hashes by leveraging multi-core processing. The tool is educational and aims to raise awareness about the importance of strong passwords.

Primary LanguagePython

Hash Crack

This code does NOT promote or encourage any illegal activities!

I created this tool for educational purpose only

In the realm of cybersecurity, passwords are the keys to our digital kingdoms. Imagine each password as a fortress protecting your most valuable treasures. However, not all fortresses are built the same; some are strong and impenetrable, while others are weak and easily breached.

This project is a metaphorical journey into the importance of creating strong, secure passwords. By using this tool, you will understand how easily weak passwords can be compromised and why it's crucial to build robust defenses against potential intruders.

Our tool compares password hashes to highlight vulnerabilities in commonly used passwords. It's designed to educate and raise awareness about the necessity of using complex, unique passwords that cannot be easily guessed or cracked.


Intro  |  Description  |  Requirements  |  Install  |  Start Program  |  Menu  |  Supported Algorithms  |  Summary  |  Passwords List  |  Changelog  | 


Description

Hash Crack is a Python-based tool designed to crack password hashes using a dictionary attack. The program allows for simultaneous cracking of multiple hashes by leveraging multi-core processing; for instance, if you have 3 CPU cores, it will compare 3 hashes concurrently. After the process is complete, a report of the cracked hashes will be generated in the "output" directory.

Hash Crack also supports the merging of multiple dictionaries into a single large dictionary to facilitate comprehensive password testing.

IMPORTANT!! If you find a password that you use within any of the dictionary lists, change it immediately. This indicates that the password has likely been compromised for a long time, and this tool demonstrates just how easily it can be cracked.

Key Features

  • Multi-Hash Cracking: Ability to crack several hashes concurrently, utilizing multiple CPU cores for efficiency.
  • Supported Hash Algorithms: Includes support for a wide range of hash algorithms, such as SHA-256, MD5, SHA3-256, and many more.
  • Customizable Parameters: Allows customization of encoding formats and the number of processing cores used.
  • Dictionary Attack: Utilizes dictionary files to perform attacks, and supports merging multiple dictionaries for comprehensive testing.
  • Bruteforce Attack: Allows you to build your own combination for attacks, enhancing the tool's flexibility and power.
  • Real-Time Reporting: Generates a report in real-time, updating with each cracked hash.

Requirements

  • Python 3.11
  • Termcolor module
  • Art module

Install

To install the tool, follow these steps:

  1. Clone the repository:
    2. git clone https://github.com:LittleAtariXE/HashCrack.git
  2. Navigate to the project directory:
    3. cd HashCrack
  3. Install the required dependencies:
    4. pip install -r requirements.txt

Start

To start the program, enter the following command in the console:

python3 hc.py

You can also add optional parameters:

  • encode_format=ascii - Before converting the password to its hash form, it must be transformed into a byte value. This parameter sets the encoding to "ascii". The default is "utf-8".
  • process_num=3 - By default, each hash is cracked using one core (one processor). This means if you have 4 cores, the program will automatically check 4 hashes simultaneously. This parameter allows you to change the number of Python processes. For example, if you have 4 cores, you can force the use of only 2 processes, or if you have 2 cores, you can use up to 10 processes.

These parameters are optional, and you do not need to specify them.

After starting the program, the following directories will be created in the program directory:

  • input - Place the list of hashes to be cracked here (preferably using a .txt file). Hashes should be listed one per line. Two formats are acceptable:
    • hash
    • login:hash
    You can either place just the hash or use the login:hash format. In the report file, the login will be displayed along with the cracked password if provided. Different formats can be mixed in a single file.

    • Adding additional files with hashes will append new hashes. If you want to remove hashes, you must use a separate option. Loading hashes does not replace existing ones.

  • library - This is the directory where you place your word lists for the attack (also known as dictionaries). You can have multiple dictionaries, but only one can be loaded for the attack at a time.
    • In the library directory, there is a folder named my_combos. You can place various word lists here and then combine them into one large dictionary within the program. The program will combine all files from my_combos. The resulting file will be displayed in the library directory. The script will remove duplicate words, so repeated passwords in dictionaries are not an issue.

    Remember, if you are merging files with millions of passwords, it may take some time. Please be patient.

  • output - This directory will contain the report file of the cracked hashes. The file can be checked in real-time and is updated after each hash is cracked.

When you choose the "Prepare Brute Force Attack" option, you will be able to select the combination of characters used for the attack. The next option is the number of characters used in the attack, and there are two possibilities:

  • Providing a single number, e.g., 3 - This will build passwords starting from one character and ending at the number you provided. For example, from 'a' to 'zzz'.
  • Providing a "$" sign before the number, e.g., $3 - This will build passwords exactly with that number of characters. For example, from 'aaa' to 'zzz'.

Supported Hash Algorithms

  • sha256
  • md5
  • sha3_256
  • blake2s
  • sm3
  • whirlpool
  • blake2b
  • shake_256
  • sha224
  • sha384
  • sha512_224
  • sha3_384
  • sha512_256
  • sha1
  • shake_128
  • sha3_512
  • sha512
  • ripemd160
  • md4
  • sha3_224
  • md5-sha1

Summary

The program's menu is simple, so you should have no trouble navigating it. When selecting the option to load files, a list of available files will automatically be displayed. You do not need to specify any names; just choose from the list. In the "status" option, you can check the number of loaded hashes and the number of loaded passwords.

Available attack modes:

  • Dictionary Attack
  • BruteForce Attack

Use the program for educational purposes and fun. Do not crack other users' passwords!

Few Password List

Password List

Changelog

  • ver 1.1 - Added the option to build a BruteForce attack. Added additional information in the "report" files.