hate_crack
A tool for automating cracking methodologies through Hashcat from the TrustedSec team.
Top Related Projects
World's fastest and most advanced password recovery utility
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
Hashtopolis - distributed password cracking with Hashcat
CeWL is a Custom Word List Generator
Common User Passwords Profiler (CUPP)
Quick Overview
Hate_crack is a password cracking tool designed to automate and streamline the process of cracking passwords using various methods and tools. It combines multiple cracking techniques and utilities into a single, user-friendly interface, making it easier for security professionals to test password strength and conduct penetration testing.
Pros
- Integrates multiple password cracking tools and techniques into one interface
- Automates many aspects of the password cracking process, saving time and effort
- Provides a user-friendly menu system for easy navigation and operation
- Supports various hash types and cracking methods
Cons
- Requires multiple dependencies and tools to be installed separately
- May be considered a potentially harmful tool if used improperly
- Limited documentation and support compared to more established cracking tools
- Primarily designed for Linux systems, which may limit its accessibility for some users
Getting Started
To get started with Hate_crack:
-
Clone the repository:
git clone https://github.com/trustedsec/hate_crack.git -
Install dependencies:
sudo apt-get install hashcat pip install -r requirements.txt -
Configure the tool by editing the
hate_crack.cfgfile:nano hate_crack.cfg -
Run the tool:
python3 hate_crack.py -
Follow the on-screen menu to select your desired cracking method and options.
Note: Ensure you have the necessary permissions and are using this tool ethically and legally.
Competitor Comparisons
World's fastest and most advanced password recovery utility
Pros of hashcat
- Highly optimized and efficient password cracking tool
- Supports a wide range of hash types and attack modes
- Utilizes GPU acceleration for faster cracking speeds
Cons of hashcat
- Steeper learning curve for beginners
- Requires more manual configuration and command-line usage
- Less automated workflow compared to hate_crack
Code Comparison
hate_crack (Python wrapper):
def hate_crack():
print("Starting hate_crack...")
subprocess.call(["./hate_crack.sh"])
hashcat (Direct usage):
hashcat -m 0 -a 0 hash.txt wordlist.txt
hate_crack provides a more user-friendly interface and automates various hashcat functions, while hashcat offers direct control and flexibility for advanced users.
hate_crack is designed as a wrapper around hashcat, combining multiple tools and techniques to streamline the password cracking process. It includes features like automated wordlist generation and rule application.
hashcat, on the other hand, is the core password cracking engine that provides raw performance and extensive customization options for experienced users.
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
Pros of John the Ripper
- More comprehensive and feature-rich password cracking tool
- Supports a wider range of hash types and encryption algorithms
- Actively maintained with regular updates and improvements
Cons of John the Ripper
- Steeper learning curve for beginners
- Can be more complex to set up and configure for specific use cases
- Requires more system resources for advanced cracking tasks
Code Comparison
John the Ripper:
john --wordlist=password.lst --rules --stdout > mutated_wordlist.txt
john --format=md5crypt hashes.txt
Hate_crack:
python hate_crack.py -w wordlist.txt -r rules.txt
python hate_crack.py -f hashes.txt -t md5
Summary
John the Ripper is a more powerful and versatile password cracking tool, offering support for numerous hash types and advanced features. However, it may be more challenging for beginners to use effectively. Hate_crack, on the other hand, provides a simpler interface and focuses on specific cracking tasks, making it more accessible for users with less experience in password cracking. Both tools have their strengths, and the choice between them depends on the user's needs and expertise level.
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
Pros of John the Ripper
- More comprehensive and feature-rich password cracking tool
- Supports a wider range of hash types and encryption algorithms
- Actively maintained with regular updates and improvements
Cons of John the Ripper
- Steeper learning curve for beginners
- Can be more complex to set up and configure for specific use cases
- Requires more system resources for advanced cracking tasks
Code Comparison
John the Ripper:
john --wordlist=password.lst --rules --stdout > mutated_wordlist.txt
john --format=md5crypt hashes.txt
Hate_crack:
python hate_crack.py -w wordlist.txt -r rules.txt
python hate_crack.py -f hashes.txt -t md5
Summary
John the Ripper is a more powerful and versatile password cracking tool, offering support for numerous hash types and advanced features. However, it may be more challenging for beginners to use effectively. Hate_crack, on the other hand, provides a simpler interface and focuses on specific cracking tasks, making it more accessible for users with less experience in password cracking. Both tools have their strengths, and the choice between them depends on the user's needs and expertise level.
Hashtopolis - distributed password cracking with Hashcat
Pros of Hashtopolis
- More comprehensive password cracking management system with a client-server architecture
- Supports multiple cracking tools and distributed cracking across multiple machines
- Actively maintained with regular updates and a larger community
Cons of Hashtopolis
- More complex setup and configuration compared to Hate_Crack
- Requires a dedicated server and database, which may be overkill for smaller operations
- Steeper learning curve for users new to password cracking tools
Code Comparison
Hate_Crack (bash script):
#!/bin/bash
# Hate_Crack
# Author: TrustedSec
if [ ! -f $HATE_PATH/config.json ]; then
echo "config.json not found!"
exit 1
fi
Hashtopolis (PHP):
<?php
// Hashtopolis server
// Author: Hashtopolis Team
require_once(dirname(__FILE__) . "/inc/load.php");
$OBJECTS = array();
$OBJECTS['config'] = new Config();
$OBJECTS['dbh'] = $FACTORIES::getDB();
Summary
Hashtopolis is a more feature-rich and scalable solution for password cracking management, while Hate_Crack is a simpler, more lightweight tool. Hashtopolis offers better support for large-scale operations and distributed cracking, but requires more setup and resources. Hate_Crack is easier to use for smaller tasks but lacks the advanced features and scalability of Hashtopolis.
CeWL is a Custom Word List Generator
Pros of CeWL
- Focused on custom wordlist generation from web crawling
- Lightweight and easy to use
- Supports various output formats (plain text, grepable)
Cons of CeWL
- Limited to web-based wordlist generation
- Lacks advanced password cracking features
- May require additional tools for comprehensive password attacks
Code Comparison
CeWL (Ruby):
def parse_page(url, depth)
@depth = depth
@url = url
@wordlist = {}
@emails = []
@meta_data = {}
hate_crack (Python):
def show_banner():
print(r"""
██╗ ██╗ █████╗ ████████╗███████╗ ██████╗██████╗ █████╗ ██████╗██╗ ██╗
██║ ██║██╔══██╗╚══██╔══╝██╔════╝ ██╔════╝██╔══██╗██╔══██╗██╔════╝██║ ██╔╝
███████║███████║ ██║ █████╗ ██║ ██████╔╝███████║██║ █████╔╝
██╔══██║██╔══██║ ██║ ██╔══╝ ██║ ██╔══██╗██╔══██║██║ ██╔═██╗
██║ ██║██║ ██║ ██║ ███████╗ ╚██████╗██║ ██║██║ ██║╚██████╗██║ ██╗
╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝ ╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝
""")
While CeWL focuses on web crawling and wordlist generation, hate_crack is a more comprehensive password cracking tool with additional features and automation capabilities.
Common User Passwords Profiler (CUPP)
Pros of cupp
- Simpler and more lightweight tool, easier to use for beginners
- Generates custom wordlists based on user input, allowing for targeted password cracking
- Supports multiple output formats (STDOUT, text file, Alecto DB, JTR format)
Cons of cupp
- Limited to generating wordlists based on personal information
- Lacks advanced features like rule-based password cracking or GPU acceleration
- May produce less comprehensive wordlists compared to hate_crack's extensive options
Code Comparison
cupp:
def interactive():
print_logo()
print("\n[+] Insert the information about the victim to make a dictionary")
print("[+] If you don't know all the info, just hit enter when asked! ;)\n")
# User input collection and wordlist generation
hate_crack:
def hate_crack_menu():
while True:
print("\n\t\t\t\033[1;31;40m>> HATE_CRACK MAIN MENU <<\033[0m")
print("\n\t(1) Wordlist Management")
print("\t(2) Wordlist Analysis")
print("\t(3) Cracking Sessions")
print("\t(4) Rules Management")
print("\t(5) PRINCE Attack")
print("\t(6) Exit")
# Menu-driven interface for various cracking options
hate_crack offers a more comprehensive suite of tools for password cracking, including wordlist management, analysis, and various attack methods. cupp focuses primarily on generating custom wordlists based on personal information, making it more suitable for targeted attacks but less versatile overall.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
___ ___ __ _________ __
/ | \_____ _/ |_ ____ \_ ___ \____________ ____ | | __
/ ~ \__ \\ __\/ __ \ / \ \/\_ __ \__ \ _/ ___\| |/ /
\ Y // __ \| | \ ___/ \ \____| | \// __ \\ \___| <
\___|_ /(____ /__| \___ >____\______ /|__| (____ /\___ >__|_ \
\/ \/ \/_____/ \/ \/ \/ \/
Installation
Get the latest hashcat binaries (https://hashcat.net/hashcat/)
git clone https://github.com/hashcat/hashcat.git
cd hashcat/
make
make install
Download hate_crack
git clone https://github.com/trustedsec/hate_crack.git
- Customize binary and wordlist paths in "config.json"
- Make sure that at least "rockyou.txt" is within your "wordlists" path
Create Optimized Wordlists
wordlist_optimizer.py - parses all wordlists from <input file list>, sorts them by length and de-duplicates into <output directory>
usage: python wordlist_optimizer.py <input file list> <output directory>
$ python wordlist_optimizer.py wordlists.txt ../optimized_wordlists
Usage
$ ./hate_crack.py usage: python hate_crack.py <hash_file> <hash_type>
The <hash_type> is attained by running hashcat --help
Example Hashes: http://hashcat.net/wiki/doku.php?id=example_hashes
$ hashcat --help |grep -i ntlm
5500 | NetNTLMv1 | Network protocols
5500 | NetNTLMv1 + ESS | Network protocols
5600 | NetNTLMv2 | Network protocols
1000 | NTLM | Operating-Systems
$ ./hate_crack.py <hash file> 1000
___ ___ __ _________ __
/ | \_____ _/ |_ ____ \_ ___ \____________ ____ | | __
/ ~ \__ \\ __\/ __ \ / \ \/\_ __ \__ \ _/ ___\| |/ /
\ Y // __ \| | \ ___/ \ \____| | \// __ \\ \___| <
\___|_ /(____ /__| \___ >____\______ /|__| (____ /\___ >__|_ \
\/ \/ \/_____/ \/ \/ \/ \/
Version 1.09
(1) Quick Crack
(2) Extensive Pure_Hate Methodology Crack
(3) Brute Force Attack
(4) Top Mask Attack
(5) Fingerprint Attack
(6) Combinator Attack
(7) Hybrid Attack
(8) Pathwell Top 100 Mask Brute Force Crack
(9) PRINCE Attack
(10) YOLO Combinator Attack
(11) Middle Combinator Attack
(12) Thorough Combinator Attack
(13) Bandrel Methodology
(95) Analyze hashes with Pipal
(96) Export Output to Excel Format
(97) Display Cracked Hashes
(98) Display README
(99) Quit
Select a task:
Quick Crack
- Runs a dictionary attack using all wordlists configured in your "hcatOptimizedWordlists" path and optionally applies a rule that can be selected from a list by ID number. Multiple rules can be selected by using a comma separated list, and chains can be created by using the '+' symbol.
Which rule(s) would you like to run?
(1) best64.rule
(2) d3ad0ne.rule
(3) T0XlC.rule
(4) dive.rule
(99) YOLO...run all of the rules
Enter Comma separated list of rules you would like to run. To run rules chained use the + symbol.
For example 1+1 will run best64.rule chained twice and 1,2 would run best64.rule and then d3ad0ne.rule sequentially.
Choose wisely:
Extensive Pure_Hate Methodology Crack
Runs several attack methods provided by Martin Bos (formerly known as pure_hate)
- Brute Force Attack (7 characters)
- Dictionary Attack
- All wordlists in "hcatOptimizedWordlists" with "best64.rule"
- wordlists/rockyou.txt with "d3ad0ne.rule"
- wordlists/rockyou.txt with "T0XlC.rule"
- Top Mask Attack (Target Time = 4 Hours)
- Fingerprint Attack
- Combinator Attack
- Hybrid Attack
- Extra - Just For Good Measure
- Runs a dictionary attack using wordlists/rockyou.txt with chained "combinator.rule" and "InsidePro-PasswordsPro.rule" rules
Brute Force Attack
Brute forces all characters with the choice of a minimum and maximum password length.
Top Mask Attack
Uses StatsGen and MaskGen from PACK (https://thesprawl.org/projects/pack/) to perform a top mask attack using passwords already cracked for the current session. Presents the user a choice of target cracking time to spend (default 4 hours).
Fingerprint Attack
https://hashcat.net/wiki/doku.php?id=fingerprint_attack
Runs a fingerprint attack using passwords already cracked for the current session.
Combinator Attack
https://hashcat.net/wiki/doku.php?id=combinator_attack
Runs a combinator attack using the "rockyou.txt" wordlist.
Hybrid Attack
https://hashcat.net/wiki/doku.php?id=hybrid_attack
- Runs several hybrid attacks using the "rockyou.txt" wordlists.
- Hybrid Wordlist + Mask - ?s?d wordlists/rockyou.txt ?1?1
- Hybrid Wordlist + Mask - ?s?d wordlists/rockyou.txt ?1?1?1
- Hybrid Wordlist + Mask - ?s?d wordlists/rockyou.txt ?1?1?1?1
- Hybrid Mask + Wordlist - ?s?d ?1?1 wordlists/rockyou.txt
- Hybrid Mask + Wordlist - ?s?d ?1?1?1 wordlists/rockyou.txt
- Hybrid Mask + Wordlist - ?s?d ?1?1?1?1 wordlists/rockyou.txt
Pathwell Top 100 Mask Brute Force Crack
Runs a brute force attack using the top 100 masks from KoreLogic: https://blog.korelogic.com/blog/2014/04/04/pathwell_topologies
PRINCE Attack
https://hashcat.net/events/p14-trondheim/prince-attack.pdf
Runs a PRINCE attack using wordlists/rockyou.txt
YOLO Combinator Attack
Runs a continuous combinator attack using random wordlists from the optimized wordlists for the left and right sides.
Middle Combinator Attack
https://jeffh.net/2018/04/26/combinator_methods/
Runs a modified combinator attack adding a middle character mask: wordlists/rockyou.txt + masks + worklists/rockyou.txt
Where the masks are some of the most commonly used separator characters:
2 4
Thorough Combinator Attack
https://jeffh.net/2018/04/26/combinator_methods/
- Runs many rounds of different combinator attacks with the rockyou list.
- Standard Combinator attack: rockyou.txt + rockyou.txt
- Middle Combinator attack: rockyou.txt + ?n + rockyou.txt
- Middle Combinator attack: rockyou.txt + ?s + rockyou.txt
- End Combinator attack: rockyou.txt + rockyou.txt + ?n
- End Combinator attack: rockyou.txt + rockyou.txt + ?s
- Hybrid middle/end attack: rockyou.txt + ?n + rockyou.txt + ?n
- Hybrid middle/end attack: rockyou.txt + ?s + rockyou.txt + ?s
Bandrel Methodology
- Prompts for input of comma separated names and then creates a pseudo hybrid attack by capitalizing the first letter
and adding up to six additional characters at the end. Each word is limited to a total of five minutes.
- Built in additional common words including seasons, months has been included as a customizable config.json entry
- The default five minute time limit is customizable via the config.json
Version History
Version 1.9 Revamped the hate_crack output to increase processing speed exponentially combine_ntlm_output function for combining Introducing New Attack mode "Bandrel Methodology" Updated pipal function to output top x number of basewords
Version 1.08 Added a Pipal menu Option to analyze hashes. https://github.com/digininja/pipal
Version 1.07 Minor bug fixes with pwdump formating and unhexify function
Version 1.06 Updated the quick crack and recylcing functions to use user customizable rules.
Version 1.05 Abstraction of rockyou.txt so that you can use whatever dictionary that you would like to specified in the config.json Minor change the quickcrack that allows you to specify 0 for number of times best64 is chained
Version 1.04 Two new attacks Middle Combinator and Thorough Combinator
Version 1.03 Introduction of new feature to use session files for multiple concurrent sessions of hate_crack Minor bug fix
Version 1.02 Introduction of new feature to export the output of pwdump formated NTDS outputs to excel with clear-text passwords
Version 1.01 Minor bug fixes
Version 1.00 Initial public release
Top Related Projects
World's fastest and most advanced password recovery utility
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
Hashtopolis - distributed password cracking with Hashcat
CeWL is a Custom Word List Generator
Common User Passwords Profiler (CUPP)
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot