A user-friendly Web interface to share an hashcatcracking box among multiple users with some pre-defined options.
Screenshots
Usage
Wavecrack can be used to do the following:
It is also possible to stop a crack. However, every cancelation is final.
A limit to the amount of concurrent cracks can be defined in the settings in order not to reduce the current cracks performance.
Requirements
Installation
Image may be NSFW.
Clik here to view.
Screenshots
- The homepage
Outline
- This Web application can be used to launch asynchronous password cracks with hashcat.
- The interface tries to be as user-friendly as possible and facilitates the password cracking method choice and to automate the succession of various attack modes.
- It also displays statistics regarding the cracked passwords and allows to export the cracked password list in CSV.
- The application is designed to be used in a multi-user environment with a strict segregation between the cracking results of different users: the user authentication can be done through an LDAP directory or basic auth.
Usage
Wavecrack can be used to do the following:
- Add new password hashes, choose the attack mode and the crack duration
- View the past and current cracks for your user with statistics and graphs
- View the overall load of the platform
- Upload a password-protected file and extract its hash
It is also possible to stop a crack. However, every cancelation is final.
A limit to the amount of concurrent cracks can be defined in the settings in order not to reduce the current cracks performance.
Requirements
- hashcat: follow these instructions for CPU only usage on a Kali linux host
- flask (>=0.10.1)
- celery (>=3.1.18)
- SQLite (>=3.8.7.4)
- rabbitmq-server (>= 3.4.3)
- Rules for hashcat (examples)
- Wordlists (examples)
Installation
- Install the RabbitMQ server and
python-ldap
requirements
$ apt-get install libsasl2-dev libldap2-dev libssl-dev rabbitmq-server
- Install the python requirements
$ pip install -r requirements.txt
- Create a
cracker/app_settings.py
configuration file from thecracker/app_settings.py.example
file and notably edit theMandatory settings
section:- The path of hashcat
- The RabbitMQ connection string: by default, the guest/guest account is used. Be sure to harden your installation
- The path of the SQLite database
- The path of the hashcat rules
- The path of the wordlists
- The LDAP parameters:
- IP address
- port
- LDAP database for the users
- Base DN
- Initialize the local database linked in the
cracker/app_settings.py
configuration file
$ sqlite3 base.db < base_schema.sql
- Start the RabbitMQ server
$ sudo service rabbitmq-server start
- Start Celery from the application folder
$ celery worker -A cracker.celery
- Launch the Flask Web server
- Directly from the
server.py
file: this mode is not suitable for production purpose
$ python server.py
- With a
wsgi script
: an example ofapp.wsgi.example
is provided - Similarly,
supervisorctl
can be used to manage celery with a configuration file example insupervisorcelery.conf.example
- Directly from the
- In order to stop the cracks after a certain amount of time, you can use the
provided cron script
. - If you want to update the list of hashes supported, you can use the
dedicated script
which will parse hashcat's wiki and generate an updated hashcat_hashes.py. To do so, you need to have BeautifulSoup installed on your system.
docker
folder.Image may be NSFW.
Clik here to view.