Autocrack – Hashcat Wrapper To Help Automate The Cracking Process

Autocrack is python script is a Hashcat wrapper to help automate the cracking process. The script includes multiple functions to select a set of wordlists and rules, as well as the ability to run a bruteforce attack, with custom masks, before the wordlist/rule attacks.

Autocrack uses Python 3, which is usually installed already in various Linux distributions. To install Python 3 in OS X, follow the instructions here.

Also Read XSS-Payload-List : Cross Site Scripting ( XSS ) Vulnerability Payload List

Be sure to set the path variables at the beginning of the script.

usage: [-h] [-b NUM] [-bm BRUTEMASK]
                    [-cr CUSTOMRULES] [-cw CUSTOMWL] [-f] [-i INPUTFILE]
                    [-l LOGFILE] [-lh [LISTHASHMODE]] [-lw {all,small,custom}]
                    [-m HASHMODE] [-p] [-pu] [-r {all,simple,singles,combos}]
                    [-s] [-t WLFILTER] [-u] [-w {all,small,custom}]
                    [-ws WORDLISTSIZE]

optional arguments:
  -h, --help            show this help message and exit
  -b NUM, --brute NUM   Start cracking with brute force. Specify max length (1-55)
  -bm BRUTEMASK, --brutemask BRUTEMASK
                        Character types to brute force (?a, ?u, ?l, ?s, ?d);
                        If only one type is specified, all positions will be
                        brute forced with that character type
  -cr CUSTOMRULES, --customrules CUSTOMRULES
                        Comma separated list of rules to run; rules are run in
                        the order of left to right
  -cw CUSTOMWL, --customwl CUSTOMWL
                        Comma separated list of the full path to one or more wordlists
  -f, --force           Pass the force parameter to Hashcat
  -i INPUTFILE, --inputfile INPUTFILE
                        Path to file with hashes
  -l LOGFILE, --logfile LOGFILE
                        Path to log the cracking session
  -lh [LISTHASHMODE], --listhashmode [LISTHASHMODE]
                        List hash types and their associated mode; provide a
                        keyword to filter results
  -lw {all,small,custom}, --listwordlists {all,small,custom}
                        List wordlists in BASESUPPORTFILESPATH/wordlists; -t
                        (filter) and -ws (wordlist size) can be used to affect
  -m HASHMODE, --hashmode HASHMODE
                        Hashcat cracking algorithm
  -p, --pwds            Output the list of cracked passwords (for pipal
  -pu, --pwdsunique     Output a uniqued list of cracked passwords
  -r {all,simple,singles,combos}, --rules {all,simple,singles,combos}
                        Specify which hashcat set of rules to use
  -s, --show            Display cracked credentials
  -t WLFILTER, --wlfilter WLFILTER
                        Filters the wordlists to only include file names that
                        contain the keyword
  -u, --username        Pass the username parameter to Hashcat
  -v {0,1,2}, --verbose {0,1,2}
                        Specify a verbosity level: 0: Informational, 1:
                        Verbose, 2: Include Hashcat Output
  -w {all,small,custom}, --wordlists {all,small,custom}
                        Specify which set of wordlists to use; "custom" uses
                        the -ws option to specify the maximum file size
                        Filter wordlists to files of a maximum number of
                        lines; Default = 500,000; 0 = all wordlists

Autocrack To Do

  1. Add function to one-step AD domain hash dumps (lm -> nt)
  2. Add support for custom mask character sets
  3. Include mask attacks
  4. Track which wordlists / rules / masks crack a password
  5. Implement Markov chaining