Skip to content

dj-zombie/hashpass

Repository files navigation

Hashpass cracking WebApp & Server for ✨hashcat✨

Complete wrapper that offers every feature of hashcat in an easy to use UI. From now on, there is no better way to interface with hashcat than Hashpass!

Dashboard: screenshot from 2018-09-27 15-42-36 screenshot from 2018-09-27 15-45-11 screenshot from 2018-09-27 15-48-05 screenshot from 2018-09-27 15-48-43 screenshot from 2018-09-27 15-49-14 screenshot from 2018-09-27 15-49-29 screenshot from 2018-09-27 15-50-57 screenshot from 2018-09-27 15-54-26 screenshot from 2018-09-27 15-55-02 screenshot from 2018-09-27 16-10-13 screenshot from 2018-09-27 16-12-01

Features

  • Backend API server for sending hashes and controlling the application remotely. (Ruby/SQLite)
  • Custom designed frontend similar to a terminal environment. (VueJS)
  • Hash queing
  • Cracking progress is updated in real time. Hashcat output automatically gets fed into the frontend. Websockets implementation in next release!
  • Database driven. Upload and manage hashes, dictionaries, rules with attack history and pause/resume
  • Auth with user account roles and management settings
  • Regular security hardning against common attacks such as XSS, SQL injection, click jacking and CSRF
  • SMS and Email notifcations
  • Maps integration for attaching lat/long to your hashes. Great for WIFI ;) New method of wardriving but also cracking the hash in real time! Anyone else doing this?
  • Agents, two kinds: RottenPi & Hive. RottenPi is another project of mine that allows me to capture hashes via Responder/PMKID/Handshakes etc and queue them up for cracking with the hashpass API. Hive is my project for distributed password cracking which will allow a network of computers running hashcat to recieve a chunk of the keyspace.

Installation

Linux (debian)

  • Install Ruby $ apt install ruby-full -y
  • Install yarn $ curl -o- -L https://yarnpkg.com/install.sh | bash

Mac

  • Install NodeJS and Yarn: Install Guide
  • Install Ruby $ brew install ruby. For development I recommend RVM

Window$$? (aka Evil Corp)

.........

All platforms

  • $ git pull [email protected]:dj-zombie/hashpass.git
  • $ cd hashcat
  • $ gem install bunlder && bundle install
  • $ yarn install
  • rename sample.env to .env. Open .env and configure the options if you want to secure your server or get SMS/Email notifications working. Setup gmail app password here
  • run the server $ ./server.sh
  • visit localhost:9292 in your browser
  • login as hashpass:hashpass
  • for security reasons, create a new admin account & delete the hashpass user
  • add a dictionary in the settings menu. Download dics
  • add a hash in the hashes page by clicking ADD. Hash Generator
  • select it by clicking the checkbox and click QUEUE
  • choose your dictionary and click SUBMIT
  • click CRACK
  • PROFIT! 💰

About

Hash cracking WebApp & Server for hashcat

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published