The Password Auditor Tool is a powerful and simple command-line utility designed to test the strength of passwords by performing dictionary attacks and brute force attacks. Built for ethical purposes such as auditing password security, this tool supports popular hashing algorithms like MD5, SHA-1, SHA-256, and SHA-512.
The tool supports the following hash types:
- MD5
- SHA-1
- SHA-256
- SHA-512
- Dictionary Attack: Attempts to match the target hash with passwords from a user-specified wordlist.
- Brute Force Attack: Generates all possible combinations of characters up to a specified length to match the target hash.
- Define the character set for brute force attacks.
- Specify the maximum password length for brute force attacks.
- Choose your own wordlist for dictionary attacks.
The tool features a clean and intuitive CLI, making it easy to specify options and perform attacks.
- Progress updates during brute force attacks.
- Immediate result display when the password is found.
The tool takes a hashed password as input and attempts to recover the original password using one of two modes: dictionary attack or brute force attack. Here's an overview of the workflow:
- Hash Detection: The user specifies the hash type. If it's incorrect, the tool won't work properly.
- Password Generation:
  - For dictionary attacks, the tool reads passwords line-by-line from a wordlist.
  - For brute force attacks, the tool generates password combinations based on the user-defined character set and length.
- Hash Comparison: Each generated password is hashed using the specified algorithm and compared to the target hash.
- Result Display: Once the password is found, it's displayed to the user.
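An added sketch of the workflow above for audit use, not PssCrack's own code; the function names and sample data are assumptions made for illustration. It rejects a target whose length does not fit the chosen hash type (the mismatch case noted under Hash Detection), reads the wordlist as bytes, and counts how many candidates a brute-force run has to hash.

```python
import hashlib

# Hex digest length of each hash type the README lists.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

def validate_target(hash_type, target):
    """Normalise the target hash and reject a hash/type mismatch up front."""
    expected = DIGEST_HEX_LEN.get(hash_type)
    if expected is None:
        raise ValueError(f"unsupported hash type: {hash_type}")
    target = target.strip().lower()
    if len(target) != expected or set(target) - set("0123456789abcdef"):
        raise ValueError(f"not a {hash_type} digest: expected {expected} hex chars")
    return target

def audit_with_wordlist(hash_type, target, lines):
    """Return the wordlist entry whose digest equals target, or None.

    `lines` is an iterable of bytes lines, e.g. a file opened with mode "rb",
    so entries that are not valid UTF-8 are hashed as-is instead of crashing.
    """
    target = validate_target(hash_type, target)
    for raw in lines:
        candidate = raw.rstrip(b"\r\n")  # strip the line ending only
        if candidate and hashlib.new(hash_type, candidate).hexdigest() == target:
            return candidate.decode("utf-8", errors="replace")
    return None

def keyspace(charset, max_len):
    """Candidates a brute-force run must hash for lengths 1..max_len."""
    n = len(set(charset))  # duplicate characters add no new candidates
    return sum(n ** k for k in range(1, max_len + 1))

# Constructed sample data: entries from the README's wordlist plus one
# non-UTF-8 line and one CRLF line ending.
SAMPLE_WORDLIST = b"password\n123456\nqwerty\r\n\xff\xfe\nletmein\n".splitlines(keepends=True)
SAMPLE_TARGET = hashlib.sha256(b"letmein").hexdigest().upper()

if __name__ == "__main__":
    print(audit_with_wordlist("sha256", SAMPLE_TARGET, SAMPLE_WORDLIST))
    print(keyspace("abc123", 3))
    print(keyspace("abcdefghijklmnopqrstuvwxyz", 8))
```

The keyspace figure grows geometrically with length, which is the cost described under the performance limitation and the reason a password outside both the wordlist and the configured character set and length is not recovered.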
- Clone the Repository
  git clone https://github.com/rkstudio585/PssCrack
  cd PssCrack
- Install Python Dependencies: Make sure Python 3 is installed on your system. The tool uses the rich library for CLI styling. Install it via pip:
  pip install rich
- Run the Tool
  python main.py --help
The tool supports two attack modes: dictionary and brute force. Below are examples of how to use each mode.
Run the following command:
python main.py -m dictionary -t md5 -H <HASH> -w <WORDLIST_PATH>
- -m dictionary: Specifies the dictionary attack mode.
- -t md5: Indicates the hash type (replace with sha1, sha256, or sha512 as needed).
- -H <HASH>: The target hash you want to crack.
- -w <WORDLIST_PATH>: Path to the wordlist file.
python main.py -m dictionary -t sha256 -H d2d2d0e05640c52298961b3c0a372e2c74f0ab728c7b88264e0d7eb7e2f4fbbd -w wordlist.txt
Run the following command:
python main.py -m bruteforce -t sha256 -H <HASH> -c abc123 -l 5
- -m bruteforce: Specifies the brute force attack mode.
- -t sha256: Indicates the hash type (replace with md5, sha1, or sha512 as needed).
- -H <HASH>: The target hash you want to crack.
- -c abc123: Character set to use for brute force (e.g., letters, numbers, or symbols).
- -l 5: Maximum password length to attempt.
python main.py -m bruteforce -t md5 -H 5f4dcc3b5aa765d61d8327deb882cf99 -c abcdefghijklmnopqrstuvwxyz -l 4
Below is a sample wordlist.txt file that you can use with the tool:
password
123456
qwerty
letmein
welcome
monkey
password1
iloveyou
trustno1
You can find publicly available wordlists like the RockYou wordlist for larger datasets.
python main.py -m dictionary -t md5 -H 5f4dcc3b5aa765d61d8327deb882cf99 -w wordlist.txt
Output:
[INFO] Starting dictionary attack using wordlist.txt...
[SUCCESS] Password found: password
python main.py -m bruteforce -t sha256 -H 6dcd4ce23d88e2ee9568ba546c007c63df6a62e72b6c0b7b030b99144f6503d0 -c abc123 -l 3
Output:
[INFO] Starting brute force attack...
[SUCCESS] Password found: abc
- Performance: Brute force attacks are computationally expensive and may take significant time for long passwords or large character sets.
- Supported Hash Types: Only common hash types (MD5, SHA-1, SHA-256, SHA-512) are supported in this version.
- Wordlist Size: The success of dictionary attacks depends heavily on the quality and size of the wordlist.
- Multi-threading: Speed up brute force attacks using concurrent processing.
- Additional Hashes: Add support for more complex hash types like bcrypt or Argon2.
- GUI Interface: Provide a graphical user interface for non-technical users.
- Real-Time Stats: Display attack progress and estimated time for completion.
This tool is intended for ethical use only:
- Test password strength on systems you own or have explicit permission to audit.
- Do not use this tool for illegal or unauthorized purposes.
Unauthorized use of this tool may violate privacy laws and result in severe penalties.
This project is licensed under the MIT License. See the LICENSE file for more details.
Contributions are welcome! Feel free to fork the repository, make improvements, and submit a pull request.
For questions, suggestions, or feedback, reach out at:
- GitHub: GitHub Profile
- Email: [email protected]