https://github.com/adscanpro/weakpass-lookup

A Python script that queries the Weakpass API to attempt cracking various types of password hashes (NTLM, MD5, SHA1, SHA256). This tool is particularly helpful for cracking NTLM hashes obtained via DCSync in a Windows Domain environment, though it supports several other hash types as well.
https://github.com/adscanpro/weakpass-lookup

active-directory cracking ntlm ntlm-hash pentesting red-team

Last synced: 2 months ago
JSON representation

Host: GitHub
URL: https://github.com/adscanpro/weakpass-lookup
Owner: ADScanPro
License: mit
Created: 2025-03-07T06:53:29.000Z (3 months ago)
Default Branch: main
Last Pushed: 2025-03-07T07:41:52.000Z (3 months ago)
Last Synced: 2025-03-07T08:19:16.911Z (3 months ago)
Topics: active-directory, cracking, ntlm, ntlm-hash, pentesting, red-team
Language: Python
Homepage:
Size: 12.7 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# weakpass-lookup

A Python script that queries the [Weakpass API](https://weakpass.com/api) to attempt cracking various types of password hashes (NTLM, MD5, SHA1, SHA256). This tool is particularly helpful for cracking NTLM hashes obtained via DCSync in a Windows Domain environment, though it supports several other hash types as well.

## Features

- **Multiple hash type support**: NTLM, MD5, SHA1, and SHA256.
- **Generic search option**: If a hash type is not specified, it attempts a generic search that covers ranges from 32 to 64 characters in length.
- **Bulk processing**: Reads hashes from a file and checks them concurrently using multiple worker threads.
- **Single hash processing**: Checks a single hash without needing a file.
- **Verbose mode**: Provides additional debug output to help with troubleshooting.

## Installation

It is recommended to install **weakpass-lookup** using pipx (preferred) or [pip](https://pip.pypa.io/en/stable/).

### Using pipx (Recommended)

```sh
pipx install weakpass-lookup
```

> Make sure you have pipx installed and set up on your system.

### Using pip

```sh
pip install weakpass-lookup
```

## Usage

```sh
usage: weakpass-lookup [-h] (-f FILE | -H HASH) [-t {md5,ntlm,sha1,sha256}]
[-w WORKERS] [-v]

Searches hashes in the Weakpass API

optional arguments:
-h, --help show this help message and exit
-f FILE, --file FILE File with list of hashes (one per line)
-H HASH, --hash HASH Individual hash to search
-t {md5,ntlm,sha1,sha256}, --type {md5,ntlm,sha1,sha256}
Hash type (optional, if not specified generic search
is used)
-w WORKERS, --workers WORKERS
Number of threads to use (default: 10)
-v, --verbose Verbose mode to show more debugging details
```

### Examples

1. **Crack a single NTLM hash:**

```sh
weakpass-lookup --hash --type ntlm
```

2. **Crack multiple hashes from a file (default 10 threads):**

```sh
weakpass-lookup --file /path/to/ntlm_hashes.txt --type ntlm --workers 10
```

3. **Use verbose mode for debugging:**

```sh
weakpass-lookup --file /path/to/hashes.txt --verbose
```

4. **Generic search (no specific hash type):**

```sh
weakpass-lookup --hash
```

## Output

- When processing a file:

- `_cracked.txt`: Stores all cracked hashes in `:` format.
- `_uncracked.txt`: Stores all remaining uncracked hashes.
- When processing a single hash:

- Prints the result (cracked or uncracked) directly to the terminal.

## Contributing

1. Fork the project.
2. Create a new feature branch (`git checkout -b feature/my-feature`).
3. Commit your changes (`git commit -m 'Add some feature'`).
4. Push to the branch (`git push origin feature/my-feature`).
5. Open a Pull Request.

## License

This project is licensed under the MIT License. Feel free to use, modify, and distribute it as per the terms of the license.

---

**Happy cracking with weakpass-lookup!**

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/adscanpro/weakpass-lookup

Awesome Lists containing this project

README