In the realm of cybersecurity, passwords are the keys to our digital kingdoms. Imagine each password as a fortress protecting your most valuable treasures. However, not all fortresses are built the same; some are strong and impenetrable, while others are weak and easily breached.
Hash Crack is a Python-based tool designed to crack password hashes using a dictionary attack. The program allows for simultaneous cracking of multiple hashes by leveraging multi-core processing; for instance, if you have 3 CPU cores, it will compare 3 hashes concurrently. After the process is complete, a report of the cracked hashes will be generated in the "output" directory.
Hash Crack also supports the merging of multiple dictionaries into a single large dictionary to facilitate comprehensive password testing.
IMPORTANT!! If you find a password that you use within any of the dictionary lists, change it immediately. This indicates that the password has likely been compromised for a long time, and this tool demonstrates just how easily it can be cracked.
- Multi-Hash Cracking: Ability to crack several hashes concurrently, utilizing multiple CPU cores for efficiency.
- Supported Hash Algorithms: Includes support for a wide range of hash algorithms, such as SHA-256, MD5, SHA3-256, and many more.
- Customizable Parameters: Allows customization of encoding formats and the number of processing cores used.
- Dictionary Attack: Utilizes dictionary files to perform attacks, and supports merging multiple dictionaries for comprehensive testing.
- Bruteforce Attack: Allows you to build your own combination for attacks, enhancing the tool's flexibility and power.
- Real-Time Reporting: Generates a report in real-time, updating with each cracked hash.
To install the tool, follow these steps:
- Clone the repository:
- Navigate to the project directory:
- Install the required dependencies:
git clone https://github.com:LittleAtariXE/HashCrack.git
cd HashCrack
pip install -r requirements.txt
To start the program, enter the following command in the console:
python3 hc.py
You can also add optional parameters:
encode_format=ascii
- Before converting the password to its hash form, it must be transformed into a byte value. This parameter sets the encoding to "ascii". The default is "utf-8".process_num=3
- By default, each hash is cracked using one core (one processor). This means if you have 4 cores, the program will automatically check 4 hashes simultaneously. This parameter allows you to change the number of Python processes. For example, if you have 4 cores, you can force the use of only 2 processes, or if you have 2 cores, you can use up to 10 processes.
These parameters are optional, and you do not need to specify them.
After starting the program, the following directories will be created in the program directory:
input
- Place the list of hashes to be cracked here (preferably using a .txt file). Hashes should be listed one per line. Two formats are acceptable:hash
login:hash
library
- This is the directory where you place your word lists for the attack (also known as dictionaries). You can have multiple dictionaries, but only one can be loaded for the attack at a time.- In the
library
directory, there is a folder namedmy_combos
. You can place various word lists here and then combine them into one large dictionary within the program. The program will combine all files frommy_combos
. The resulting file will be displayed in thelibrary
directory. The script will remove duplicate words, so repeated passwords in dictionaries are not an issue.
Remember, if you are merging files with millions of passwords, it may take some time. Please be patient.
- In the
output
- This directory will contain the report file of the cracked hashes. The file can be checked in real-time and is updated after each hash is cracked.
Adding additional files with hashes will append new hashes. If you want to remove hashes, you must use a separate option. Loading hashes does not replace existing ones.
When you choose the "Prepare Brute Force Attack" option, you will be able to select the combination of characters used for the attack. The next option is the number of characters used in the attack, and there are two possibilities:
- Providing a single number, e.g., 3 - This will build passwords starting from one character and ending at the number you provided. For example, from 'a' to 'zzz'.
- Providing a "$" sign before the number, e.g., $3 - This will build passwords exactly with that number of characters. For example, from 'aaa' to 'zzz'.
- sha256
- md5
- sha3_256
- blake2s
- sm3
- whirlpool
- blake2b
- shake_256
- sha224
- sha384
- sha512_224
- sha3_384
- sha512_256
- sha1
- shake_128
- sha3_512
- sha512
- ripemd160
- md4
- sha3_224
- md5-sha1
The program's menu is simple, so you should have no trouble navigating it. When selecting the option to load files, a list of available files will automatically be displayed. You do not need to specify any names; just choose from the list. In the "status" option, you can check the number of loaded hashes and the number of loaded passwords.
Available attack modes:
- Dictionary Attack
- BruteForce Attack
Use the program for educational purposes and fun. Do not crack other users' passwords!