Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/lachlan2k/phatcrack

Modern web-based distributed hashcracking solution, built on hashcat
https://github.com/lachlan2k/phatcrack

distributed-computing golang gpu-computing hacking hashcat hashcracking infosec pentesting security-tools vue

Last synced: 3 months ago
JSON representation

Modern web-based distributed hashcracking solution, built on hashcat

Awesome Lists containing this project

README 

        
# Phatcrack



Phatcrack is a modern solution for distributed hash cracking, designed for hackers and other information security professionals.



Key features include:

* Built on [Hashcat](https://hashcat.net), supporting most common Hashcat attacks and almost all hash types.

* Excellent UX for manging projects, configuring attack settings, and viewing results.

* Distributes attacks, allowing both dictionary-based and mask-based attacks to be split across multiple workers.

* Automatically synchronises wordlists & rulefiles to all workers. Low-privileged users can be granted permission to upload wordlists & rulefiles.

* Modern web-interface, with multi-user support and project-based access control.



![image](https://github.com/lachlan2k/phatcrack/assets/4683714/b10df9ec-ed5a-4678-9442-89003636bbce)



### Deployment



#### Server

Docker is the only supported deployment method for the server. The following instructions assume you already have [Docker installed on your server](https://docs.docker.com/engine/install/), and are logged in as root (`sudo su`).



```sh

# Ideally the container processes should be run rootless, so we'll create an unprivileged user.

useradd --system --create-home --home-dir /opt/phatcrack-server phatcrack-server



cd /opt/phatcrack-server



wget https://github.com/lachlan2k/phatcrack/releases/download/v0.6.6/docker-compose.yml



# Update your hostname here:

echo "HOST_NAME=phatcrack.lan" >> .env

echo "DB_PASS=$(openssl rand -hex 16)" >> .env

echo "PHATCRACK_USER=$(id -u phatcrack-server):$(id -g phatcrack-server)" >> .env

chmod 600 .env



# If you chose a hostname that is publicly accessible and expose this to the world (not recommended), Caddy will automatically deploy TLS.



## Otherwise, use the following for self-signed TLS

# echo "TLS_OPTS=tls internal" >> .env



## If you want to supply custom certificates, place them in a directory called `certs`

## And add ./certs:/etc/caddy/certs:ro as a mount in docker-compose.prod.yml for 

# echo "TLS_OPTS=tls /etc/caddy/certs/cert.pem /etc/caddy/certs/key.pem" >> .env



# Make a directory to persist files in

mkdir filerepo

chown phatcrack-server:phatcrack-server filerepo



docker compose up -d

```



You can then visit your local installation. The default credentials are `admin:changeme`.



#### Agents



For each agent you want to enroll, visit the admin GUI, and create a new agent. Note down the generated API key, as this won't be shown again.



On each agent, you can manually set up the agent as follows:



```sh

# Create a user for the phatcrack agent

useradd --system --create-home --home-dir /opt/phatcrack-agent phatcrack-agent



# Depending on your distro, you may need to the phatcrack-agent to a group

usermod -aG video phatcrack-agent



cd /opt/phatcrack-agent



# Download the phatcrack-agent program from the local server

wget https://phatcrack.lan/agent-assets/phatcrack-agent

# Or, you can download from https://github.com/lachlan2k/phatcrack/releases/download/v0.6.6/phatcrack-agent



chmod +x ./phatcrack-agent

./phatcrack-agent install -defaults -api-endpoint https://phatcrack.lan/api/v1 -auth-key API_KEY_FROM_SERVER_HERE 



systemctl enable phatcrack-agent

systemctl start phatcrack-agent

```