Skip to content

AnataarXVI/Werkzeug-Cracker

Repository files navigation

Werkzeug Cracker

Werkzeug Cracker is being developped by @Anataar

This tool aims to perform a wordlist attack on a hash generated by the werkzeug.security module.

Description

This tool uses the werkzeug.security library and the check_password_hash function. The function returns True if the password matches otherwise it returns False .

Example of hash:

>>> from werkzeug.security import generate_password_hash
>>> hash = generate_password_hash("password", method='pbkdf2:sha256', salt_length=8)
>>> hash
'pbkdf2:sha256:260000$3LESq315$6f074a3d958ad256ced33cc72dfb79fda306ea53eb4d171d4c1bee4881e778c1'

Hash verification :

>>> from werkzeug.security import check_password_hash
>>> password = check_password_hash("pbkdf2:sha256:260000$3LESq315$6f074a3d958ad256ced33cc72dfb79fda306ea53eb4d171d4c1bee4881e778c1", "password")
>>> password
True

ref : werkzeug.security official documentation

Installation & Usage

git clone https://github.com/AnataarXVI/Werkzeug_Cracker.git
cd Werkzeug_Cracker
pip3 install -r requirements.txt

Options

usage: werkzeug_cracker.py [-h] [-p PASSWORD] [-w WORDLIST] [-t THREADS]

Werkzeug hash cracker

options:
  -h, --help            show this help message and exit
  -p PASSWORD, --password PASSWORD
                        load hash file
  -w WORDLIST, --wordlist WORDLIST
                        load wordlist file
  -t THREADS, --threads THREADS
                        number of threads, default=15

Example:
        werkzeug_cracker.py -p [hash] -w [wordlist] -t [threads]

How to use

For this example, we use a wordlist avaiable here.

python3 werkzeug_cracker.py -p hash.txt -w wordlist.txt

Countdown |██████████████████▊             | 2417/4122

Password found: password

Threads

The thread number (-t | --threads) reflects the number of separated brute force processes. The more you increase the number of threads, the more the brute force will increase its speed. By default, the number of threads is 15, but you can increase it if you want to speed up the progress.

python3 werkzeug_cracker.py --password hash.txt --wordlist wordlist.txt -t 20

Licence

Copyright (C) Anataar ([email protected])

License: GNU General Public License, version 3

Contributing

If you liked the project, feel free to share it. I'm open to any suggestions for improvement.