A powerful, multi-threaded password cracking tool written in Go with support for multiple hash types, PCAP analysis, and custom transformation rules.
This tool is intended for authorized security testing and educational purposes only. Unauthorized access to computer systems is illegal. Always ensure you have explicit written permission before testing any systems you do not own.
- 🔐 Multiple Hash Types: MD5, SHA1, SHA256, SHA512, BCrypt, NTLM
- 📦 PCAP Analysis: Extract credentials from network captures (HTTP, FTP, Telnet, SMB)
- 🔧 Rule Engine: Advanced password transformation rules (similar to Hashcat/John)
- ⚡ Multi-threaded: Efficient parallel processing
- 📊 Progress Tracking: Real-time statistics and progress bars
- 🎯 Multiple Input Formats: Hashcat format, Linux shadow files, plain hash files
- 🔍 Auto-detection: Automatically detects hash types
- 💾 Result Export: Save cracked passwords to file
- Go 1.21 or higher
- libpcap development files (for PCAP parsing)
# On Ubuntu/Debian
sudo apt-get install libpcap-dev
# On macOS
brew install libpcap
# On Fedora/RHEL
sudo dnf install libpcap-devel# Clone the repository
git clone https://github.com/gatiella/hashcrack.git
cd hashcrack
# Install dependencies
make deps
# Build
make build
# Install (optional)
sudo make install# Crack a single MD5 hash
./bin/hashcrack --hash 5f4dcc3b5aa765d61d8327deb882cf99 \
--wordlist wordlist.txt \
--hash-type md5
# Auto-detect hash type
./bin/hashcrack --hash 5f4dcc3b5aa765d61d8327deb882cf99 \
--wordlist wordlist.txt
# Use built-in rules
./bin/hashcrack --hash 5f4dcc3b5aa765d61d8327deb882cf99 \
--wordlist wordlist.txt \
--use-rules
# Use custom rules file
./bin/hashcrack --hash <hash> \
--wordlist wordlist.txt \
--rules custom_rules.txt
# Specify number of workers
./bin/hashcrack --hash <hash> \
--wordlist wordlist.txt \
--workers 8
# Save results to file
./bin/hashcrack --hash <hash> \
--wordlist wordlist.txt \
--output results.txt# Analyze PCAP file
./bin/hashcrack analyze capture.pcap
# Extract and crack credentials from PCAP
./bin/hashcrack --input capture.pcap \
--input-type pcap \
--wordlist wordlist.txt# Crack hashes from hashcat format file
./bin/hashcrack --input hashes.txt \
--input-type hashcat \
--wordlist wordlist.txt# Crack passwords from /etc/shadow
./bin/hashcrack --input shadow.txt \
--input-type shadow \
--wordlist wordlist.txt# List built-in rules
./bin/hashcrack rules list
# Test rules on a word
./bin/hashcrack rules test password
# Test with custom rules file
./bin/hashcrack rules test password --rules custom_rules.txt# Benchmark default hash type (MD5)
./bin/hashcrack benchmark
# Benchmark specific hash type
./bin/hashcrack benchmark --hash-type sha256
# Benchmark with specific worker count
./bin/hashcrack benchmark --hash-type md5 --workers 16| Hash Type | Identifier | Example |
|---|---|---|
| MD5 | md5 |
5f4dcc3b5aa765d61d8327deb882cf99 |
| SHA1 | sha1 |
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 |
| SHA256 | sha256 |
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 |
| SHA512 | sha512 |
b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86 |
| BCrypt | bcrypt |
$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy |
| NTLM | ntlm |
8846F7EAEE8FB117AD06BDD830B7586C |
Rules use a syntax similar to Hashcat and John the Ripper:
| Rule | Description | Example |
|---|---|---|
: |
No change | password → password |
l |
Lowercase all | Password → password |
u |
Uppercase all | password → PASSWORD |
c |
Capitalize | password → Password |
t |
Toggle case | Password → pASSWORD |
r |
Reverse | password → drowssap |
d |
Duplicate | pass → passpass |
$X |
Append char X | password + $1 → password1 |
^X |
Prepend char X | password + ^1 → 1password |
[ |
Delete first | password → assword |
] |
Delete last | password → passwor |
L |
Leet speak | password → p4ssw0rd |
# rules.txt
: # No change
c # Capitalize
c$1 # Capitalize + append 1
c$! # Capitalize + append !
c$1$2$3 # Capitalize + append 123
L # Leet speak
c L # Capitalize + leet speak
$2$0$2$4 # Append 2024
-
Optimize Workers: Set workers to match your CPU cores
--workers $(nproc) -
Use Rules Efficiently: Rules multiply your wordlist size
- Start with common rules
- Use specific rules for targeted attacks
-
Wordlist Optimization: Use sorted, cleaned wordlists
-
Hash Type: Faster hashes (MD5, SHA1) are quicker to crack than slower hashes (BCrypt)
hashcrack/
├── cmd/hashcrack/ # Main application
├── internal/
│ ├── hasher/ # Hash implementations
│ ├── parser/ # File parsers
│ ├── rules/ # Rule engine
│ ├── wordlist/ # Wordlist handling
│ └── worker/ # Worker pool
├── pkg/capture/ # Credential extraction
├── configs/ # Configuration files
└── test/ # Tests
# Generate test hash
echo -n "password123" | md5sum
# Output: 482c811da5d5b4bc6d497ffa98491e38
# Crack it
./bin/hashcrack --hash 482c811da5d5b4bc6d497ffa98491e38 \
--wordlist rockyou.txt \
--use-rules \
--workers 8 \
--output found.txt# Capture credentials
./bin/hashcrack analyze traffic.pcap
# Output shows found credentials with protocols# Run tests
make test
# Run with coverage
make test-coverage
# Format code
make fmt
# Lint code
make lint
# Build for all platforms
make build-allContributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests
- Submit a pull request
MIT License - see LICENSE file for details
- Inspired by Hashcat and John the Ripper
- Uses gopacket for PCAP parsing
- Built with Cobra CLI framework
- Issues: https://github.com/gatiella/hashcrack/issues
- Documentation: https://github.com/gatiella/hashcrack/wiki
Remember: Only use this tool on systems you own or have explicit permission to test!