https://github.com/zzzteph/weakpass

Weakpass collection of tools for bruteforce and hashcracking
https://github.com/zzzteph/weakpass

password password-generator passwords pentest-tool pentesting

Last synced: 4 months ago
JSON representation

Weakpass collection of tools for bruteforce and hashcracking

• Host: GitHub
• URL: https://github.com/zzzteph/weakpass
• Owner: zzzteph
• License: gpl-3.0
• Created: 2021-08-29T13:07:37.000Z (about 4 years ago)
• Default Branch: main
• Last Pushed: 2024-11-17T22:41:12.000Z (12 months ago)
• Last Synced: 2024-11-17T23:27:05.295Z (12 months ago)
• Topics: password, password-generator, passwords, pentest-tool, pentesting
• Language: Vue
• Homepage: https://weakpass.com
• Size: 48.2 MB
• Stars: 446
• Watchers: 10
• Forks: 43
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE

Awesome Lists containing this project

• awesome-hacking-lists - zzzteph/weakpass - Weakpass collection of tools for bruteforce and hashcracking (Vue)

README

          
# Weakpass (JS)



  



Here, you can find the list of tools from [weakpass.com](https://weakpass.com/) for password and hash cracking in one place.

### 📂 Folder Structure

- **tools**

  - A collection of password and hash cracking tools. **Check them out:**

    - [Kraker-js](https://zzzteph.github.io/weakpass/tools/kraker-js/dist/)

    - [Lookup](https://zzzteph.github.io/weakpass/tools/lookup/dist/)

    - [Passcheck](https://zzzteph.github.io/weakpass/tools/passcheck/dist/)

    - [Passgen](https://zzzteph.github.io/weakpass/tools/passgen/dist/)

- **libs**

  - Links to the libraries used in this project.

- **rules**

  - Archive of cracking rules for advanced attacks.

---

All of the tools and libraries you can find in separate folders, a quick overview of the tools if you want to try them right now

## 🚀 Tools Overview

### Passgen - passwords generator

Generate a wordlist based on user-provided keywords for targeted password testing.

**Try it online:** [Passgen](https://zzzteph.github.io/weakpass/tools/passgen/dist/)



  



For example, during penetration testing, you need to gain access to some service, device, account, or Wi-Fi network that is password protected. For example, let it be the _Wi-Fi_ network of **EvilCorp**. Sometimes, a password is a combination of _device/network/organization_ name with some date, special character, etc. Therefore, it is simpler and easier to test some combinations before launching more complex and time-consuming checks. For example, cracking a _Wi-Fi_ password with a wordlist can take several hours and can fail, even if you choose a [great wordlist](https://weakpass.com/wordlist/1950) because there was no such password in it like **Evilcorp2019**. 

---

### Lookup - Range Hash Lookup Tool

Perform secure hash lookups without submitting sensitive data to a server using the Range API.

**Try it online:** [Lookup](https://zzzteph.github.io/weakpass/tools/lookup/dist/)



  



Reveal passwords for MD5, NTLM, SHA1, or SHA256 hashes using the precomputed `weakpass4.merged.txt` file without sending your hash to the backend. The primary advantage is that all hash checks are done client-side, ensuring that your data remains secure and private.

Additionally, you can host and build the database for this tool locally and in-house. To do so, use one of the precomputed tables available [here](https://weakpass.com/pre-computed) and set up an API to serve hash ranges by value.

A server example that "works" with this database structure can be found in the repository.

---

### Passcheck - Has your password been compromised?

Determine if your password **has been compromised** or is vulnerable to rule-based attacks.

Online: [Passcheck](https://zzzteph.github.io/weakpass/tools/passcheck/dist/)



  



This tool checks if your password exists in the **weakpass_4.merged** wordlist using a range lookup API. 

**But what if someone decided to use a rule-based attack? Is your password safe for rule-based attacks?**

Beyond that, it simulates rule-based attacks by applying "reverse" hashcat rules to identify potential candidates that could be used with the rules to crack your password.

## Key Features

- **Wordlist check** - Verifies if your password is found in the weakpass_4.merged wordlist.

- **Rule-Based attack simulation** - Generates candidates and tests if your password is vulnerable to rule-based cracking techniques.

---

# Kraker-JS

Crack hashes directly in your browser with this JavaScript-based tool.

**Try it online:** [Kraker-js](https://zzzteph.github.io/weakpass/tools/kraker-js/dist/)



  



#### Features

- **Hash Types Supported:** MD5, SHA1, crypt functions, JWT, Net-NTLMv2, and more.

- **Parallel Cracking:** Run multiple tasks simultaneously for efficient processing.

- **Pure JS and client-side**