___ ___ __ _________ __
/ | \_____ _/ |_ ____ \_ ___ \____________ ____ | | __
/ ~ \__ \\ __\/ __ \ / \ \/\_ __ \__ \ _/ ___\| |/ /
\ Y // __ \| | \ ___/ \ \____| | \// __ \\ \___| <
\___|_ /(____ /__| \___ >____\______ /|__| (____ /\___ >__|_ \
\/ \/ \/_____/ \/ \/ \/ \/
Hashcat must be installed and available in your PATH:
Ubuntu/Kali:
sudo apt-get install -y hashcat
macOS (Homebrew):
brew install hashcat
Or download a pre-built binary from https://hashcat.net/hashcat/ and set hcatPath in config.json to its location.
Clone with submodules (required for hashcat-utils, princeprocessor, and optionally omen):
git clone --recurse-submodules https://github.com/trustedsec/hate_crack.git
cd hate_crack
If you cloned without submodules, initialize them:
git submodule update --init --recursive
Then customize configuration in config.json if needed (wordlist paths, API keys, etc.). Most users can skip this step as default paths work out-of-the-box.
The easiest way is to run make (or make install), which auto-detects your OS and installs:
- External dependencies (p7zip, transmission-daemon / transmission-remote)
- Builds submodules (hashcat-utils, princeprocessor, and optionally omen)
- Python dependencies via uv and a CLI shim at ~/.local/bin/hate_crack
make
This is idempotent - it skips tools already installed. To force a clean reinstall:
make reinstall
Or install dependencies manually:
These are required for certain download/extraction flows:
7z/7za (p7zip) — used to extract .7z archives.transmission-daemon / transmission-remote — used to download Weakpass torrents.Manual install commands:
Ubuntu/Kali:
sudo apt-get update
sudo apt-get install -y p7zip-full transmission-daemon
macOS (Homebrew):
brew install p7zip transmission-cli # provides transmission-daemon and transmission-remote
Then install the Python dependencies and CLI shim:
uv sync
mkdir -p ~/.local/bin
printf '#!/usr/bin/env bash\nset -euo pipefail\nexec uv run --directory %s python -m hate_crack "$@"\n' "$(pwd)" > ~/.local/bin/hate_crack
chmod +x ~/.local/bin/hate_crack
Core logic is now split into modules under hate_crack/:
hate_crack/cli.py: argparse helpers and config overrides.hate_crack/api.py: Hashview, Weakpass, and Hashmob integrations (downloads/menus/helpers).hate_crack/attacks.py: menu attack handlers.hate_crack/hashmob_wordlist.py: Hashmob wordlist utilities (thin wrapper; calls into api.py).hate_crack/main.py: main CLI implementation.The top-level hate_crack.py remains the main entry point and orchestrates these modules.
This project depends on and is inspired by a number of external projects and services. Thanks to:
After installing with make, run hate_crack from anywhere:
hate_crack
# or with arguments:
hate_crack <hash_file> <hash_type> [options]
Alternatively, run via uv:
uv run hate_crack.py <hash_file> <hash_type>
Install using make from the repository root - this builds submodules and bundles assets:
cd /path/to/hate_crack
make
hate_crack
The make install command creates a bash shim at ~/.local/bin/hate_crack that runs from the repo directory, so config and assets are always found regardless of your current working directory.
Config is also searched in:
- Current working directory and parent directory
- The repo root and package directory
- ~/hate_crack, ~/hate-crack, or ~/.hate_crack
Note: The hcatPath in config.json is for the hashcat binary location only (optional if hashcat is in PATH). Hate_crack assets (hashcat-utils, princeprocessor, omen) are loaded from the repository directory and bundled automatically by make install.
The script uses a uv shebang. Make it executable and run:
chmod +x hate_crack.py
./hate_crack.py
You can also use Python directly:
python hate_crack.py
If you see an error like:
Error: Build directory /opt/hashcat/hashcat-utils does not exist.
Expected to find expander at /opt/hashcat/hashcat-utils/bin/expander.
This means the hate_crack assets were not bundled into the installed package.
Understanding the paths:
- hcatPath in config.json → points to hashcat binary location (optional, can be in PATH)
- hashcat-utils/ and princeprocessor/ → bundled into the package by make install
Solution: Reinstall using the Makefile, which builds submodules and installs the tool:
cd /path/to/hate_crack # the repository checkout
make install
Default configuration (config.json.example):
Most users can use defaults without customization:
- hcatWordlists: ./wordlists (relative to repo root or HOME/.hate_crack)
- hcatOptimizedWordlists: ./optimized_wordlists (directory used by Quick Crack; falls back to hcatWordlists if not found)
- rules_directory: ./hashcat/rules (includes submodule rules)
- hcatTuning: `` (empty string - no default tuning flags)
Example config.json customizations:
{
"hcatPath": "/usr/local/bin", # Location of hashcat binary (optional, auto-detected from PATH)
"hcatBin": "hashcat", # Hashcat binary name
"hcatWordlists": "./wordlists", # Dictionary wordlist directory (relative or absolute)
"rules_directory": "./hashcat/rules", # Rules directory (relative or absolute)
"hcatTuning": "", # Additional hashcat flags (empty by default)
...
}
Configuration loading:
- Missing config keys are automatically backfilled from config.json.example on startup
- Config is searched in multiple locations: repo root, current working directory, ~/.hate_crack, /opt/hate_crack
If you see:
Your configuration specifies to merge with the ref 'refs/heads/master'
from the remote, but no such ref was fetched.
The default branch was renamed from master to main. Fix with:
git remote set-head origin -a
git branch -m master main
git branch --set-upstream-to=origin/main main
git pull
Default (full installation) - builds submodules, installs dependencies, and installs the tool:
make
# or explicitly:
make install
This is idempotent - it skips tools already installed.
Force clean reinstall:
make reinstall
Quick update - rebuilds submodules and reinstalls tool (after pulling changes):
make update
Uninstall - removes OS dependencies and tool:
make uninstall
Build hashcat-utils only:
make hashcat-utils
Run tests - automatically handles HATE_CRACK_SKIP_INIT when needed:
make test
Coverage report:
make coverage
Clean build/test artifacts:
make clean
Install the project with optional dev dependencies (includes linters and testing tools):
make dev-install
Before pushing changes, run these checks locally. Use make lint for everything, or run individual checks:
Ruff (linting and formatting):
make ruff
# or manually:
uv run ruff check hate_crack
Auto-fix issues:
uv run ruff format hate_crack
uv run ruff check --fix hate_crack
ty (type checking):
make ty
# or manually:
uv run ty check hate_crack
Run all checks together:
make lint
Tests auto-detect when submodules are not built and set HATE_CRACK_SKIP_INIT=1 automatically.
make test
Or run pytest directly:
uv run pytest -v
With coverage:
make coverage
Or with pytest:
uv run pytest --cov=hate_crack
Git hooks are managed by prek (v0.3.3+). Install hooks with:
prek install --hook-type pre-push --hook-type post-commit
This installs hooks defined in prek.toml using the pre-commit local-repo TOML schema:
- pre-push: ruff, ty, pytest, pytest-lima
- post-commit: audit-docs
Note: prek 0.3.3 expects repos = [...] at the top level. The old [hooks.<stage>] commands = [...] format is not supported.
Arrow-key menu navigation is enabled by default via the simple-term-menu dependency. When running in a terminal (TTY), menus render with arrow-key navigation and number-key shortcuts.
To force the classic numbered print() + input() menu, set HATE_CRACK_PLAIN_MENU=1.
The optional [dev] group includes:
- ty - Static type checker
- ruff - Fast Python linter and formatter
- pytest - Testing framework
- pytest-cov - Coverage reporting
Common options:
- --download-hashview: Download hashes from Hashview before cracking.
- --hashview: Interactive Hashview menu for managing hashes, wordlists, and jobs.
- --hashview --help: Show Hashview command-line options.
- --weakpass: Download wordlists from Weakpass.
- --hashmob: Download wordlists from Hashmob.net.
- --download-torrent <FILENAME>: Download a specific Weakpass torrent file.
- --download-all-torrents: Download all available Weakpass torrents from cache.
- --wordlists-dir <PATH> / --optimized-wordlists-dir <PATH>: Override wordlist directories.
- --pipal-path <PATH>: Override pipal path.
- --maxruntime <SECONDS>: Override max runtime.
- --bandrel-basewords <PATH>: Override bandrel basewords file.
- --debug: Enable debug logging (writes to stderr).
hate_crack integrates with Hashview for centralized hash management and distributed cracking.
Access the interactive Hashview menu:
hate_crack.py --hashview
Menu options: - (1) Upload Cracked Hashes - Upload cracked results from current session to Hashview - (2) Upload Wordlist - Upload a wordlist file to Hashview - (3) Download Wordlist - Download a wordlist from Hashview - (4) Download Left Hashes - Download remaining uncracked hashes (prompts to switch for cracking) - (5) Download Found Hashes - Download already-cracked hashes with cleartext passwords (for reference/analysis) - (6) Upload Hashfile and Create Job - Upload new hashfile and create a cracking job - (99) Back to Main Menu - Return to main menu
Important: Download Found vs Download Left - Download Left Hashes (4): Downloads uncracked hashes that need cracking. Automatically merges with any found hashes if available, and prompts to switch to this hashfile for cracking. - Download Found Hashes (5): Downloads already-cracked hashes in hash:cleartext format. These are for reference and cannot be cracked further. No switch prompt is shown.
Hashview operations can also be performed via command-line:
Upload cracked hashes:
hate_crack.py --hashview upload-cracked --file <output_file>.out --hash-type 1000
Upload a wordlist:
hate_crack.py --hashview upload-wordlist --file <wordlist>.txt --name "My Wordlist"
Download left hashes (uncracked hashes for cracking):
hate_crack.py --hashview download-left --customer-id 1 --hashfile-id 123
Download found hashes (already-cracked hashes with cleartext):
hate_crack.py --hashview download-found --customer-id 1 --hashfile-id 123
Upload hashfile and create job:
hate_crack.py --hashview upload-hashfile-job --file hashes.txt --customer-id 1 \
--hash-type 1000 --job-name "NTLM Crack Job" --hashfile-name "Domain Hashes"
Set Hashview credentials in config.json:
{
"hashview_url": "https://hashview.example.com",
"hashview_api_key": "your-api-key-here"
}
The LLM Attack (option 15) uses Ollama to generate password candidates. Configure the model and context window in config.json:
{
"ollamaModel": "mistral",
"ollamaNumCtx": 2048
}
ollamaModel — The Ollama model to use for candidate generation (default: mistral).ollamaNumCtx — Context window size for the model (default: 2048).http://localhost:11434. Ensure Ollama is running before using the LLM Attack.hate_crack can send Pushover push notifications when attacks complete and,
optionally, when individual hashes are cracked. All controls live under
main-menu option 82 — Notifications:
config.json as notify_enabled..out file and pushes a notification per crack (with per-tick burst aggregation). Persists$ claude mcp add hate_crack \
-- python -m otcore.mcp_server <graph>