hashview v0.8 beta releases: web front-end for password cracking & analytics

Hashview is a tool for security professionals to help organize and automate the repetitious tasks related to password cracking. Hashview is a web application that manages hashcat (https://hashcat.net) commands. Hashview strives to bring consistency in your hashcat tasks while delivering analytics with pretty pictures ready for ctrl+c, ctrl+v into your reports.

Changelog [v0.8.0-Beta] – 2022-06-11

Added

• Added support for pushover & email notifications
• Added support for data retention
• User roles. Now you have admins and non-admins.
• Added a last login date to the users list.

Changed

• Everything is now python
• Moved SMTP settings to config file
• Hashview Agent is now packaged with hashview (server) under install directory. Can be downloaded from agents menu as admin
• Changed from itsdangerous to authlib for password reset token generation (please make sure to update your environments to include authlib).
• Changed from the python-pushover package, to a call directly to the Pushover API.
• Changed from Flask-Bcrypt to Bcrypt-Flask.

Removed

• Removed hashview agent from local processing. If you want to run hashview AND crack hashes on the same box run the hashview-agent in a seperate screen/tmux session

Installation

Server Requirements

1. Python 3.7+
2. Mysql DB installed with known username/password
3. Access to an SMTP email service (used for password resets and notifications)

Agent Requirements

1. Python 3.7+
2. Hashcat 6.2.x+

Installation

Follow these instructions to install Hashview Server on the Ubuntu server. In theory, Hashview should be able to run on any *nix system, but the dev’s only installed/tested on Debian/Ubuntu.

Install mysql

sudo apt update

sudo apt install mysql-server

sudo mysql_secure_installation

Configure MySQL

Log into your mysql server and create a dedicated user for hashview. Hashview can run as root, but doesn’t need to. And since we practice what we preach. we should use a lower priv account for this. If you’re installing hashview on a different server than the system where the mysql db is running on, adjust the account creation.

sudo mysql

CREATE USER 'hashview'@'localhost' IDENTIFIED BY 'DoNotUseThisPassword123!';

GRANT ALL PRIVILEGES ON hashview.* TO 'hashview'@'localhost';

FLUSH PRIVILEGES;

create database hashview;

exit

Install Hashview Server

The following are to install hashview after the mysql db has been set up.

sudo apt-get install python3 python3-pip python3-flask

git clone https://github.com/hashview/hashview/

cd hashview

pip3 install -r requirements.txt

./setup.py

./hashview.py # (note you can add a --debug if you are attempting to troubleshoot an issue)

4) Log into your hashview server

Navigate to your server, the default port is 8443. https://IP:8443

(note) Because hashview is installed with a self-signed certificate, you will be prompted about it being invalid. You’re welcome to use properly signed certs by replacing the files under hashview/hashview/control/ssl/

Once logged in, before you can start cracking hashes, you need to install a Hashview-Agent.

Installing Hashview-Agent

After you’ve installed hashview you will need to install a hashview-agent. The agent can run on the same system as hashview but doesn’t have to.

1) Log in to hashview as an Administrator

2) Navigate to Agents Menu

3) Click Download Agent to get a .tgz package of the hashview-agent

4) Move the agent to the system you’d like to run it on

5) Install Agent

You will need to decompress the package and run the hashview-agent.py script. Upon initial execution, it will prompt you for information about your hashview server.

tar -xzvf hashview-agent.<version>.tgz

cd install/

cp -r hashview-agent ../

cd ../hashview-agent

python3 ./hashview-agent.py

6) Once running, you (or another admin) will need to navigate back into Hashview->Manage->agents and approve the agent.

Screenshot

Author:

• @caseycammilleri
• @jarsnah12