Skip to content

dizcza/hashcat-wpa-server

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

161 Commits

app

app

 
 

bash

bash

 
 

docker

docker

 
 

masks

masks

 
 

rules

rules

 
 

wordlists

wordlists

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

nginx.conf

nginx.conf

 
 

requirements.txt

requirements.txt

 
 

rsync.exclude

rsync.exclude

 
 

supervisor.conf

supervisor.conf

 
 

Repository files navigation

Dockerhub

Hashcat WPA/WPA2 server

Yet another WPA/WPA2 hashes cracker web server. Powered by HashCat. The backend is written in Python Flask.

Supported capture file formats:

  • .pcapng (hcxdumptool)
  • .cap and .pcap (airodump)
  • .hccapx and .2500 (EAPOL)
  • .pmkid and .16800 (PMKID)
  • .22000 (PMKID/EAPOL)

The server utilizes Hashcat Brain transparently for the user (the user is allowed to activate and deactivate the feature). HashBrain allows skipping already tried password candidates - useful in combination with hashcat rules or when you restore the progress you ran the other day.

Every password cracking researcher is proud of his/her wordlists and rules. Here is my strategy of checking the most probable passwords that require only a few minutes to run on any laptop or Raspberry Pi. The strategy is marked as '(fast)' among wordlist choices in UI. They are all run in the BaseAttack.run_all() method:

  • run_essid_attack:
    • Hamming ball ESSID attack (perturb ESSID name with at most Hamming distance '2');
    • Split ESSID in word compounds. For example "PetitCafe2017" ESSID is split in ['2017', '2017Cafe', '2017CafePetit', '2017Petit', 'Cafe', ..., 'CafePetit2017'] which increases the chance of finding passwords of type "PetitXXXX" by running the combinator attack for each of the word compounds combination. Technically, for each essid_i word compound, it runs
      • essid_i + digits_append.txt (prepend and append) combinator attack (-a1);
      • essid_i + best64.rule attack;
  • run_top1k: Top1575-probable-v2.txt + best64.rule attack.
  • run_digits8: birthdays 100 years backward, digits masks like aabbccdd (refer to mask_8-12.txt), digits cycles, and more.
  • run_keyboard_walk: keyboard-walk attack.
  • run_names: names_ua-ru.txt with best64 attack.

Demo

Check out a running server on a CPU instance: http://85.217.171.57:9111. To surf the site, login with the guest:guest credentials. (Yes, you don't have the permissions to start jobs. Contact me if necessary.)

Command line interface

You can quickly test a handshake file against non-secure passwords, in other words, run the (fast) mode from a terminal:

python app/attack/base_attack.py /path/to/handshake.22000
optional arguments:
  --fast      Run ESSID+digits attack with fewer examples. Default: turned off
  --extra     Run extra attacks (names UA)

** Note ** This will take ~1 minute to run for the first time to download necessary files.

Deployment

Directly on your host machine

Run the following commands from the root hashcat-wpa-server folder:

pip install -r requirements.txt  # required only once

HASHCAT_ADMIN_USER=admin HASHCAT_ADMIN_PASSWORD=<your-secret-password> gunicorn app:app

Docker containers

Using Docker Hub

There are 4 docker tags (platforms):

  • latest and cuda: Nvidia GPUs (cuda tag preferred);
  • intel-cpu: Intel CPUs;
  • pocl: an alternative to intel-cpu tag, an open source implementation of OpenCL.

For example, to run the latest tag (makes sense only if you have at least one GPU), open a terminal and run

docker run --gpus all -d \
    -e HASHCAT_ADMIN_USER=admin \
    -e HASHCAT_ADMIN_PASSWORD=<your-secret-password> \
    -v ${HOME}/.hashcat/wpa-server:/root/.hashcat/wpa-server \
    -p 9111:80 \
    dizcza/hashcat-wpa-server:latest

If you don't have a GPU, try intel-cpu or pocl tag:

docker run -d \
    -e HASHCAT_ADMIN_USER=admin \
    -e HASHCAT_ADMIN_PASSWORD=<your-secret-password> \
    -v ${HOME}/.hashcat/wpa-server:/root/.hashcat/wpa-server \
    -p 9111:80 \
    dizcza/hashcat-wpa-server:intel-cpu

That's all! Navigate to localhost:9111. The captured handshakes, user-defined wordlists and rules, and the SQL database will be stored in the ~/.hashcat/wpa-server folder.

Building the image locally

git clone https://github.com/dizcza/hashcat-wpa-server.git
cd hashcat-wpa-server/docker

# Set environment variables and create the home directory
mkdir -p ~/.hashcat/wpa-server
export HASHCAT_ADMIN_USER=admin
export HASHCAT_ADMIN_PASSWORD=<your-secret-password>

# Build & run
docker compose build
docker compose up

If you want to build an image targeting a specific platform, pass it as the branch arg to the build command:

docker compose build --build-arg branch=cuda

Available targets & platforms are shown in the readme header.

User wordlists

Hashcat-wpa-server app is shipped with the default Top-xxx-probable wordlists. If you want to make use of your custom wordlists, place them in the ~/.hashcat/wpa-server/wordlists folder (create one).

Troubleshooting

  • If you get an error like "sql cannot write a database to readonly file", fix file permissions with the following command: sudo chown -R $USER:$USER ~/.hashcat/wpa-server/

About

Hashcat WPA/WPA2 server

85.217.171.57:9111/

Topics

docker flask wpa hashcat password-cracking cracking-hashes hashcat-wpa

Resources

Readme

License

MIT license
Activity

Stars

50 stars

Watchers

2 watching

Forks

10 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages