{"id":28479770,"url":"https://github.com/dizcza/hashcat-wpa-server","last_synced_at":"2025-07-03T18:31:42.277Z","repository":{"id":41348161,"uuid":"116025020","full_name":"dizcza/hashcat-wpa-server","owner":"dizcza","description":"Hashcat WPA/WPA2 server","archived":false,"fork":false,"pushed_at":"2025-03-14T10:43:26.000Z","size":276,"stargazers_count":62,"open_issues_count":3,"forks_count":10,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-06-29T12:53:09.170Z","etag":null,"topics":["cracking-hashes","docker","flask","hashcat","hashcat-wpa","password-cracking","wpa"],"latest_commit_sha":null,"homepage":"http://85.217.171.57:9111/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dizcza.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-01-02T14:43:07.000Z","updated_at":"2025-03-30T10:39:33.000Z","dependencies_parsed_at":"2025-03-14T11:37:34.596Z","dependency_job_id":null,"html_url":"https://github.com/dizcza/hashcat-wpa-server","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/dizcza/hashcat-wpa-server","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dizcza%2Fhashcat-wpa-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dizcza%2Fhashcat-wpa-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dizcza%2Fhashcat-wpa-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dizcza%2Fhashcat-wpa-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dizcza","download_url":"https://codeload.github.com/dizcza/hashcat-wpa-server/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dizcza%2Fhashcat-wpa-server/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263379146,"owners_count":23457801,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cracking-hashes","docker","flask","hashcat","hashcat-wpa","password-cracking","wpa"],"created_at":"2025-06-07T18:10:17.893Z","updated_at":"2025-07-03T18:31:42.262Z","avatar_url":"https://github.com/dizcza.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![](https://img.shields.io/docker/image-size/dizcza/hashcat-wpa-server/latest?label=latest)](https://hub.docker.com/r/dizcza/hashcat-wpa-server/tags)\n[![](https://img.shields.io/docker/image-size/dizcza/hashcat-wpa-server/cuda?label=cuda)](https://hub.docker.com/r/dizcza/hashcat-wpa-server/tags)\n[![](https://img.shields.io/docker/image-size/dizcza/hashcat-wpa-server/intel-cpu?label=intel-cpu)](https://hub.docker.com/r/dizcza/hashcat-wpa-server/tags)\n[![](https://img.shields.io/docker/image-size/dizcza/hashcat-wpa-server/pocl?label=pocl)](https://hub.docker.com/r/dizcza/hashcat-wpa-server/tags)\n\n[Dockerhub](https://hub.docker.com/r/dizcza/hashcat-wpa-server)\n\n# Hashcat WPA/WPA2 server\n\nYet another WPA/WPA2 hashes cracker web server. Powered by HashCat. The backend is written in Python Flask.\n\nSupported capture file formats:\n* .pcapng (hcxdumptool)\n* .cap and .pcap (airodump)\n* .hccapx and .2500 (EAPOL)\n* .pmkid and .16800 (PMKID)\n* .22000 (PMKID/EAPOL)\n\nThe server utilizes [Hashcat Brain](https://hashcat.net/forum/thread-7903.html) transparently for the user (the user is allowed to activate and deactivate the feature). HashBrain allows skipping already tried password candidates - useful in combination with hashcat rules or when you restore the progress you ran the other day.\n\nEvery password cracking researcher is proud of his/her wordlists and rules. Here is my strategy of checking the most\nprobable passwords that require only a few minutes to run on any laptop or Raspberry Pi. The strategy is marked as\n`'(fast)'` among wordlist choices in UI. They are all run in the [`BaseAttack.run_all()`](\nhttps://github.com/dizcza/hashcat-wpa-server/blob/c9285676668c1c64fd5a62282366d3cb92dff969/app/attack/base_attack.py#L220)\nmethod:\n\n* `run_essid_attack`: \n  - Hamming ball ESSID attack (perturb ESSID name with at most Hamming distance '2');\n  - Split ESSID in word compounds. For example \"PetitCafe2017\" ESSID is split in `['2017', '2017Cafe', '2017CafePetit', '2017Petit', 'Cafe', ..., 'CafePetit2017']` which increases the chance of finding passwords of type \"PetitXXXX\" by running the combinator attack for each of the word compounds combination. Technically, for each `essid_i` word compound, it runs\n      - essid_i + digits_append.txt (prepend and append) combinator attack (`-a1`);\n      - essid_i + best64.rule attack;\n* `run_top1k`: Top1575-probable-v2.txt + best64.rule attack.\n* `run_digits8`: birthdays 100 years backward, digits masks like aabbccdd (refer to [mask\\_8-12.txt](app/word_magic/digits/mask_8-12.txt)), digits cycles, and more.\n* `run_keyboard_walk`: [keyboard-walk](https://github.com/hashcat/kwprocessor) attack.\n* `run_names`: names\\_ua-ru.txt with best64 attack.\n\n## Demo\n\nCheck out a running server on a CPU instance: http://85.217.171.57:9111. To surf the site, login with the `guest:guest` credentials. (Yes, you don't have the permissions to start jobs. Contact me if necessary.)\n\n\n## Command line interface\n\nYou can quickly test a handshake file against non-secure passwords, in other words, run the `(fast)` mode from a terminal:\n\n```bash\npython app/attack/base_attack.py /path/to/handshake.22000\n```\n\n```\noptional arguments:\n  --fast      Run ESSID+digits attack with fewer examples. Default: turned off\n  --extra     Run extra attacks (names UA)\n```\n\n** Note **\nThis will take ~1 minute to run for the first time to download necessary files.\n\n\n## Deployment\n\n### Directly on your host machine\n\nRun the following commands from the root `hashcat-wpa-server` folder:\n\n```\npip install -r requirements.txt  # required only once\n\nHASHCAT_ADMIN_USER=admin HASHCAT_ADMIN_PASSWORD=\u003cyour-secret-password\u003e gunicorn app:app\n```\n\n### Docker containers\n\n\n#### Using Docker Hub\n\nThere are 4 docker tags (platforms):\n\n* `latest` and `cuda`: Nvidia GPUs (`cuda` tag preferred);\n* `intel-cpu`: Intel CPUs;\n* `pocl`: an alternative to `intel-cpu` tag, an open source implementation of OpenCL.\n\nFor example, to run the `latest` tag (makes sense only if you have at least one GPU), open a terminal and run\n\n```\ndocker run --gpus all -d \\\n    -e HASHCAT_ADMIN_USER=admin \\\n    -e HASHCAT_ADMIN_PASSWORD=\u003cyour-secret-password\u003e \\\n    -v ${HOME}/.hashcat/wpa-server:/root/.hashcat/wpa-server \\\n    -p 9111:80 \\\n    dizcza/hashcat-wpa-server:latest\n```\n\nIf you don't have a GPU, try `intel-cpu` or `pocl` tag:\n\n```\ndocker run -d \\\n    -e HASHCAT_ADMIN_USER=admin \\\n    -e HASHCAT_ADMIN_PASSWORD=\u003cyour-secret-password\u003e \\\n    -v ${HOME}/.hashcat/wpa-server:/root/.hashcat/wpa-server \\\n    -p 9111:80 \\\n    dizcza/hashcat-wpa-server:intel-cpu\n```\n\nThat's all! Navigate to [localhost:9111](localhost:9111). The captured handshakes, user-defined wordlists and rules, and the SQL database will be stored in the `~/.hashcat/wpa-server` folder.\n\n#### Building the image locally\n\n```\ngit clone https://github.com/dizcza/hashcat-wpa-server.git\ncd hashcat-wpa-server/docker\n\n# Set environment variables and create the home directory\nmkdir -p ~/.hashcat/wpa-server\nexport HASHCAT_ADMIN_USER=admin\nexport HASHCAT_ADMIN_PASSWORD=\u003cyour-secret-password\u003e\n\n# Build \u0026 run\ndocker compose build\ndocker compose up\n```\n\nIf you want to build an image targeting a specific platform, pass it as the `branch` arg to the build command:\n\n```\ndocker compose build --build-arg branch=cuda\n```\n\nAvailable targets \u0026 platforms are shown in the readme header.\n\n\n## User wordlists\n\nHashcat-wpa-server app is shipped with the default Top-xxx-probable [wordlists](https://github.com/berzerk0/Probable-Wordlists). If you want to make use of your custom wordlists, place them in the `~/.hashcat/wpa-server/wordlists` folder (create one).\n\n\n## Troubleshooting\n\n* If you get an error like \"sql cannot write a database to readonly file\", fix file permissions with the following command: `sudo chown -R $USER:$USER ~/.hashcat/wpa-server/`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdizcza%2Fhashcat-wpa-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdizcza%2Fhashcat-wpa-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdizcza%2Fhashcat-wpa-server/lists"}