Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

CrackQ tool adds GUI, analysis features to Hashcat password-cracking platform

A new open source tool makes it easier to use Hashcat, the powerful password-cracking, command-line tool that uses the power of graphics cards to find the plaintext equivalent of hashed passwords.

CrackQ provides a REST API and a JavaScript graphical user interface (GUI) to interact with Hashcat.

Dan Turner, the developer of CrackQ and a career penetration tester, told The Daily Swig that the goal of CrackQ was to help improve the efficiency of Hashcat, which has become very popular among penetration testers, red teams, and other offensive security researchers.

Results dashboard

CrackQ is not the first GUI tool written for Hashcat, but it has several characteristics that make it unique. The tool is written in Python and interfaces with Hashcat through the libhashcat library, which is much faster than running shell commands.

Python also has many great data science libraries, which make it easier to add analysis and reporting features to Hashcat.

CrackQ can generate various analysis reports and dashboards from Hashcat results, including timing and speed, insecure password patterns, and heatmaps of common city names used in passwords.

rwrerCrackQ provides a GUI for the Hashcat password-cracking tool

Other Hashcat tools use distributed computing, where they share the load among several computers. CrackQ, on the other hand, uses a server/client architecture, with all commands running on the server.

“Pen test/red teams commonly use dedicated GPU servers or custom-built rigs, which are then shared by the team,” Turner says.

“However, the application is built using Docker containers. This means that it’s a simple process to quickly create a cloud instance, if that is more suitable for you.”

Single sign-on

CrackQ uses SAML2 authentication, which allows users to offload credential management to an identity provider such as Active Directory and to use multi-factor authentication.

“I needed something I could integrate with single sign-on (SSO) to avoid managing user numbers approaching 100 accounts,” Turner says.

CrackQ is currently in alpha release. Turner will be expanding the feature set in the coming months.

“This first version was all about setting up a good base, ensuring it’s a very stable application and making it more accessible to everyone,” he said.

“I’m looking forward to the next steps, which will involve adding a lot of automation and improving the analysis/reporting, which will also increase the usability for blue teams.”

Source: https://portswigger.net/daily-swig/crackq-tool-adds-gui-analysis-features-to-hashcat-password-cracking-platform

Advertisement. Scroll to continue reading.
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

Modern enterprises run dozens (and sometimes hundreds) of servers, services, applications, APIs, containers, and other technologies. To secure these resources, enterprises need tools to...

Cyber Security

HAProxy, the popular open source load balancer and reverse proxy, has patched a bug that could enable attackers to stage HTTP request smuggling attacks. By sending a maliciously...

Cyber Security

While we continue to wait for the long-awaited password-less future to arrive, individuals and enterprises are still stuck with the problem of how to...

Cyber Security

UPDATED Password vault vendor Bitwarden has responded to renewed criticism of the encryption scheme it uses to protect users’ secret encryption keys by enhancing the mechanism’s default...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO