How to use Wavecrack in conjunction with hashcat to achieve password破解

1. Wavecrack is essentially a web application that can use hashcat to achieve asynchronous password破解;

2. The operational interface is user-friendly, making it convenient for users to select password破解 methods, and has achieved continuous automation of various attack modes;

3. It supports displaying statistical information about the破解 passwords and allows the破解 password list to be exported in CSV format;

4. The application supports a multi-user environment, with strict isolation between the破解 results of different users: user authentication can be completed through LDAP directory or basic authentication;

Tool Requirements

hashcat
Flask
Celery
SQLite
rabbitmq-server
hashcat rule (Example）
Dictionary file (Example）

Tool installation

First, we need to use the following commands to clone the source code of this project locally:

git clone https://github.com/wavestone-cdt/wavecrack.git

Install RabbitMQ server and python-ldap dependencies:

$ apt-get install libsasl2-dev libldap2-dev libssl-dev rabbitmq-server

InstallationPython dependencies:

$ pip install -r requirements.txt

Create a cracker/app_settings.py configuration file using the cracker/app_settings.py.example file and modify the Mandatory settings field as needed.

Initialize the contents related to the local database in the cracker/app_settings.py configuration file:

$ sqlite3 base.db < base_schema.sql

Start the RabbitMQ server:

$ sudo service rabbitmq-server start

Start Celery:

$ celery worker -A cracker.celery

Start the Flask web server:

$ python server.py

Tool operation screenshot

Tool homepage

Add a hash to be cracked

View results and other status information

License Agreement

The development and release of this project follow the GNU General Public License Agreement.

Project address

Wavecrack：【GitHub link】

Reference materials

https://hashcat.net/hashcat/
https://bugs.kali.org/view.php?id=3432#c6062
https://hashcat.net/wiki/doku.php?id=rule_based_attack
https://hashcat.net/forum/thread-1236.html
https://github.com/wavestone-cdt/wavecrack/blob/master/setup_resources/requirements.txt

你可能想看：

d) Adopt identification technologies such as passwords, password technologies, biometric technologies, and combinations of two or more to identify users, and at least one identification technology sho

Article 2 of the Cryptography Law clearly defines the term 'cryptography', which does not include commonly known terms such as 'bank card password', 'login password', as well as facial recognition, fi

How to use Graphcat to generate visual charts based on password cracking results

(3) Is the national secret OTP simply replacing the SHA series hash algorithms with the SM3 algorithm, and becoming the national secret version of HOTP and TOTP according to the adopted dynamic factor

Ensure that the ID can be accessed even if it is guessed or cannot be tampered with; the scenario is common in resource convenience and unauthorized vulnerability scenarios. I have found many vulnerab

HTTP data packets & request methods & status code judgment & brute force encryption password & exploiting data packets

As announced today, Glupteba is a multi-component botnet targeting Windows computers. Google has taken action to disrupt the operation of Glupteba, and we believe this action will have a significant i

Item 28： T1560.001-2 Compress Data and lock with password for Exfiltration with winrar

From 0 to 1, this article is enough to collect SQL injection (sql ten injection types), technical analysis and practical training

Announcement regarding the addition of 7 units as technical support units for the Ministry of Industry and Information Technology's mobile Internet APP product security vulnerability database

最后修改时间：2025-03-30 00:19:02