Caution
This repo is unmaintained, visit https://github.com/sadreck/crackerjack for the latest version.
Web Interface for Hashcat by Context Information Security
CrackerJack is a Web GUI for Hashcat developed in Python.
This project aims to keep the GUI and Hashcat independent. In a nutshell, here's how it works:
- User uploads hashes, selects wordlist/rules/mask etc, and clicks "start".
- Web server spawns a new screen.
- Generates the hashcat command based on the settings.
- Runs the command in the screen.
- Monitors the screen's output, parses it, and displays in the GUI.
This allows CrackerJack to be future-proof as it ties to the input/output of Hashcat. Also, if the GUI is not working for whatever reason, hashcat will keep running.
- Minimal dependencies
- Complete hashcat session management.
- Start/stop/pause/restore running sessions.
- Terminate cracking jobs after a specific date/time.
- Web interface for mask generation (?a?l?u).
- Web Push notifications when a password is cracked.
- Swagger 2.0 API.
- Create wordlists from already cracked passwords and feed back into the cracking session.
- Session history to track which attacks you have already performed.
- Multi-user support (local and/or LDAP).
- Wordlist/Mask/Rule support.
- Multiple theme support (Bootswatch).
- Straight-forward setup.
- Entire configuration is via the GUI. No need for manually editing config files.
- Run locally on Linux and Windows (WSL).
- Install on a server using ansible scripts (Ubuntu 14/16/18 and CentOS 7/8).
- Easy backups - all user data are in the
./data
directory.
- Troubleshoot sessions via SSH.
- Not a solution for queueing jobs - it's only for on-demand password cracking.
- Not meant to be a replacement for command-line usage. It's complimentary and only supports basic and most common cracking tasks.
- Will not install any GPU drivers. The main assumption is that you have a cracking rig already setup and are looking for a Web GUI.
- Wordlists and rules should already be present on the system.
As we maintain an internal tracker as well, before contributing please create an issue to discuss before implementing any features/changes.
CrackerJack is released under MIT License.
In addition, the following third-party components are also used:
- office2hashcat.py - modified BSD - https://github.com/stricture/hashstack-server-plugin-hashcat/
- keepass2john.py - GNU General Public License - https://gist.github.com/HarmJ0y/116fa1b559372804877e604d7d367bbc