Skip to content

zzzteph/weakpass

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

107 Commits
.github
.github
 
 
libs
libs
 
 
rules
rules
 
 
tools
tools
 
 
.gitmodules
.gitmodules
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cracker.png
cracker.png
 
 
online.rule
online.rule
 
 

Repository files navigation

Weakpass (JS)

Here, you can find the list of tools from weakpass.com for password and hash cracking in one place.

📂 Folder Structure

  • tools

  • libs

    • Links to the libraries used in this project.

  • rules

    • Archive of cracking rules for advanced attacks.

All of the tools and libraries you can find in separate folders, a quick overview of the tools if you want to try them right now

🚀 Tools Overview

Passgen - passwords generator

Generate a wordlist based on user-provided keywords for targeted password testing.

Try it online: Passgen

For example, during penetration testing, you need to gain access to some service, device, account, or Wi-Fi network that is password protected. For example, let it be the Wi-Fi network of EvilCorp. Sometimes, a password is a combination of device/network/organization name with some date, special character, etc. Therefore, it is simpler and easier to test some combinations before launching more complex and time-consuming checks. For example, cracking a Wi-Fi password with a wordlist can take several hours and can fail, even if you choose a great wordlist because there was no such password in it like Evilcorp2019.

Lookup - Range Hash Lookup Tool

Perform secure hash lookups without submitting sensitive data to a server using the Range API.

Try it online: Lookup

Reveal passwords for MD5, NTLM, SHA1, or SHA256 hashes using the precomputed weakpass4.merged.txt file without sending your hash to the backend. The primary advantage is that all hash checks are done client-side, ensuring that your data remains secure and private.

Additionally, you can host and build the database for this tool locally and in-house. To do so, use one of the precomputed tables available here and set up an API to serve hash ranges by value.

A server example that "works" with this database structure can be found in the repository.

Passcheck - Has your password been compromised?

Determine if your password has been compromised or is vulnerable to rule-based attacks.

Online: Passcheck

This tool checks if your password exists in the weakpass_4.merged wordlist using a range lookup API.

But what if someone decided to use a rule-based attack? Is your password safe for rule-based attacks? Beyond that, it simulates rule-based attacks by applying "reverse" hashcat rules to identify potential candidates that could be used with the rules to crack your password.

Key Features

  • Wordlist check - Verifies if your password is found in the weakpass_4.merged wordlist.
  • Rule-Based attack simulation - Generates candidates and tests if your password is vulnerable to rule-based cracking techniques.

Kraker-JS

Crack hashes directly in your browser with this JavaScript-based tool.

Try it online: Kraker-js

Features

  • Hash Types Supported: MD5, SHA1, crypt functions, JWT, Net-NTLMv2, and more.
  • Parallel Cracking: Run multiple tasks simultaneously for efficient processing.
  • Pure JS and client-side

About

Weakpass collection of tools for bruteforce and hashcracking

weakpass.com

Topics

password-generator password pentesting passwords pentest-tool

Resources

Readme

License

GPL-3.0 license
Activity

Stars

487 stars

Watchers

10 watching

Forks

47 forks
Report repository

Releases 1

1.0.0 Latest
Dec 11, 2024

Sponsor this project

Packages

No packages published

Languages