A Python-based wrapper for Hashcat, offering a simplified menu interface for password cracking tasks. This tool enables users to conduct various attack types through an intuitive, menu-driven interface.
Caution
This tool is provided "as-is," without any express or implied warranties. The author assumes no responsibility for any damages, losses, or consequences arising from the use of this tool. It is specifically designed for penetration testing purposes, and should only be used in legal and authorized environments, such as with explicit permission from the system owner. Unauthorized use or misuse of this tool, in violation of applicable laws, is strictly prohibited. Users are strongly advised to comply with all relevant local, national, and international laws and obtain proper authorization before performing any security assessments.
- Multiple attack modes: wordlists, rules, brute-force, and hybrid attacks.
- An interactive menu for selecting and configuring cracking options.
- Session restoration support for interrupted sessions.
- Designed for compatibility across Linux and Windows environments.
- OS: Any Linux distribution
- Programs:
- Hashcat: Install from hashcat.net
- Optional: For WPA2 cracking, additional tools like aircrack-ng, hcxtools, and hcxdumptool are recommended.
Distribution-specific Commands:
- Debian/Ubuntu:
sudo apt update && sudo apt install hashcat python3 python3-pip python-termcolor - Fedora:
sudo dnf install hashcat python3 python3-pip python-termcolor
- Arch Linux/Manjaro:
sudo pacman -S hashcat python python-pip python-termcolor
- OS: Windows 10 or later
- Programs:
- Hashcat: Download the Windows version from hashcat.net
- Python: Install from python.org
- Optional: For a Linux-like environment, set up Windows Subsystem for Linux (WSL)
Tip
Recommended wordlists, rules, and masks can be found in repositories like SecLists and wpa2-wordlists.
- Install hashCrack with pip:
You can install
hashCrackdirectly from the Python Package Index (PyPI) using the following command:pip install hashcrack-tool
- Running hashCrack:
After installation, you can run
hashCrackby specifying the hash file you want to crack:hashcrack hash
hashcrack_demo.mp4
Tip
(Optional) Download default wordlists and rules:
git clone https://github.com/ente0/hashcat-defaults
cd ..
cp -rf hashcat-defaults/* .
rm -r hashcat-defaultsImportant
The cracking results will be stored in ~/.hashCrack/logs/session, specifically in status.txt.
For the latest release versions of hashCrack, visit the hashCrack Releases page.
hashCrack supports the following attack modes:
| # | Mode | Description |
|---|---|---|
| 0 | Straight | Uses a wordlist directly to attempt cracks |
| 1 | Combination | Combines two dictionaries to produce candidate passwords |
| 3 | Brute-force | Attempts every possible password combination based on a specified character set |
| 6 | Hybrid Wordlist + Mask | Uses a wordlist combined with a mask to generate variations |
| 7 | Hybrid Mask + Wordlist | Uses a mask combined with a wordlist for generating password candidates |
| 9 | Association | For specific hash types where known data is combined with brute-force attempts |
The main menu provides easy access to various cracking methods:
| Option | Description | Script |
|---|---|---|
| 1 (Mode 0) | Crack with Wordlist | Executes wordlist-based cracking |
| 2 (Mode 9) | Crack with Rules | Executes rule-based cracking |
| 3 (Mode 3) | Crack with Brute-Force | Executes brute-force cracking |
| 4 (Mode 6) | Crack with Combinator | Executes hybrid wordlist + mask cracking |
| 0 | Clear Hashcat Potfile | Deletes the potfile to clear previous hash results |
| X | Switch Current OS Menu | Updates the menu and script settings based on the current OS |
| Q | Quit | Exits the program |
hashcat -a 0 -m 400 example400.hash example.dict # Wordlist
hashcat -a 0 -m 0 example0.hash example.dict -r best64.rule # Wordlist + Rules
hashcat -a 3 -m 0 example0.hash ?a?a?a?a?a?a # Brute-Force
hashcat -a 1 -m 0 example0.hash example.dict example.dict # Combination
hashcat -a 9 -m 500 example500.hash 1word.dict -r best64.rule # AssociationIf you encounter errors when running Hashcat, you can follow these steps to troubleshoot:
-
Test Hashcat Functionality: First, run a benchmark test to ensure that Hashcat is working properly:
hashcat -b
This command will perform a benchmark on your system to check Hashcat's overall functionality. If this command works without issues, Hashcat is likely properly installed.
-
Check Available Devices: To verify that Hashcat can detect your devices (such as GPUs) for cracking, use the following command:
hashcat -I
This command will list the available devices. Ensure that the correct devices are listed for use in cracking.
-
Check for Errors in Hashcat: If the cracking process fails or Hashcat doesn't seem to recognize your devices, running the above tests should help identify potential problems with your system configuration, such as missing or incompatible drivers.
-
Permissions: If you encounter permission issues (especially on Linux), consider running Hashcat with elevated privileges or configuring your user group correctly for GPU access. You can run Hashcat with
sudoif necessary:sudo hashcat -b
The main hashCrack script consists of:
- Initialization: Loads default parameters and reusable functions.
- User Prompts: Gathers inputs from the user such as wordlist location, session names, and attack type.
- Command Construction: Constructs the Hashcat command based on user inputs and specified attack mode.
- Execution: Runs the cracking session with or without status timers.
- Logging: Saves session results for future reference.
To report bugs, issues, or feature requests, please open a new issue on GitHub Issues.
For further questions or assistance, contact us via email.
For more resources, consider the following repositories:
To capture WPA2 hashes, follow this guide on the 4-way handshake and see this video to see how the attack actually works. For more details on Hashcat’s attack modes and usage, consult the Hashcat Wiki, Radiotap Introduction, or Aircrack-ng Guide.