Complete wrapper that offers every feature of hashcat in an easy to use UI. From now on, there is no better way to interface with hashcat than Hashpass!
- Backend API server for sending hashes and controlling the application remotely. (Ruby/SQLite)
- Custom designed frontend similar to a terminal environment. (VueJS)
- Hash queing
- Cracking progress is updated in real time. Hashcat output automatically gets fed into the frontend. Websockets implementation in next release!
- Database driven. Upload and manage hashes, dictionaries, rules with attack history and pause/resume
- Auth with user account roles and management settings
- Regular security hardning against common attacks such as XSS, SQL injection, click jacking and CSRF
- SMS and Email notifcations
- Maps integration for attaching lat/long to your hashes. Great for WIFI ;) New method of wardriving but also cracking the hash in real time! Anyone else doing this?
- Agents, two kinds: RottenPi & Hive. RottenPi is another project of mine that allows me to capture hashes via Responder/PMKID/Handshakes etc and queue them up for cracking with the hashpass API. Hive is my project for distributed password cracking which will allow a network of computers running hashcat to recieve a chunk of the keyspace.
- First, install hashcat and make sure its accessable in your $PATH: https://hashcat.net/hashcat/
- Install Ruby
$ apt install ruby-full -y
- Install yarn
$ curl -o- -L https://yarnpkg.com/install.sh | bash
- Install NodeJS and Yarn: Install Guide
- Install Ruby
$ brew install ruby
. For development I recommend RVM
.........
$ git pull [email protected]:dj-zombie/hashpass.git
$ cd hashcat
$ gem install bunlder && bundle install
$ yarn install
- rename
sample.env
to.env
. Open .env and configure the options if you want to secure your server or get SMS/Email notifications working. Setup gmail app password here - run the server
$ ./server.sh
- visit
localhost:9292
in your browser - login as hashpass:hashpass
- for security reasons, create a new admin account & delete the hashpass user
- add a dictionary in the settings menu. Download dics
- add a hash in the hashes page by clicking ADD. Hash Generator
- select it by clicking the checkbox and click QUEUE
- choose your dictionary and click SUBMIT
- click CRACK
- PROFIT! 💰