WebHashcat: Hashcat web interface
Hashcat web interface
WebHashcat is a very simple but efficient web interface for hashcat password cracking tool. It hashes the following features:
- Distributed cracking sessions between multiple servers (you only need to install HashcatNode on the remote server)
- Cracked hashes are displayed almost as soon as they are cracked
- Cracking session restore (for example after host reboot)
- Upload plaintext files for analytics purposes
Currently, WebHashcat supports rule-based and mask-based attack mode
This project is composed of 2 parts:
- WebHashcat, the web interface made with the Django framework
- HashcatNode, A hashcat wrapper which creates an API over hashcat
Adding rules, masks, and wordlists to webhashcat
Go to the Hashcat > Files page, then simply use the upload button to add new files. Note that uploaded files are added to webhashcat but not deployed to nodes yet.
Registering a node
The nodes can be simply added and removed on the Node page, you only need to define the ip, port, username, and password (as defined in the hashcatnode configuration script).
Once a node is registered, click on the node and hit the synchronize button on the top. Rules, Masks, and Wordlists should now be uploaded to the node (all files should be green).
Adding a hashfile
In the hashcat page, simply hit the bottom “add” button to upload a new hashfile, after comparing the new hashfile to the centralized potfile (can take a few minutes with huge hashfiles), your hashfile should appear in the list.
Creating a cracking session
Simply hit the “+” button on the left of the hashfile, then select the desired cracking method. Note that sessions aren’t started automatically, you will need to use the “play” button to start them.
If you set the cron to 5 minutes, the central potfile will be updated every 5 minutes with newly cracked hashes.
Simply click on the hashfile to view the results, it can take few seconds on huge hashfiles. Note that you can also download the results on both the hashfile list and hashfile views.
Copyright (c) 2016 Hegusung