MCPcopy
hub / github.com/trustedsec/hate_crack

github.com/trustedsec/hate_crack @v2.10.6 sqlite

repository ↗ · DeepWiki ↗ · release v2.10.6 ↗
1,618 symbols 4,431 edges 94 files 408 documented · 25%
README
  ___ ___         __             _________                       __    
 /   |   \_____ _/  |_  ____     \_   ___ \____________    ____ |  | __
/    ~    \__  \\   __\/ __ \    /    \  \/\_  __ \__  \ _/ ___\|  |/ /
\    Y    // __ \|  | \  ___/    \     \____|  | \// __ \\  \___|    < 
 \___|_  /(____  /__|  \___  >____\______  /|__|  (____  /\___  >__|_ \
       \/      \/          \/_____/      \/            \/     \/     \/

Installation

1. Install hashcat

Hashcat must be installed and available in your PATH:

Ubuntu/Kali:

sudo apt-get install -y hashcat

macOS (Homebrew):

brew install hashcat

Or download a pre-built binary from https://hashcat.net/hashcat/ and set hcatPath in config.json to its location.

2. Download hate_crack

Clone with submodules (required for hashcat-utils, princeprocessor, and optionally omen):

git clone --recurse-submodules https://github.com/trustedsec/hate_crack.git
cd hate_crack

If you cloned without submodules, initialize them:

git submodule update --init --recursive

Then customize configuration in config.json if needed (wordlist paths, API keys, etc.). Most users can skip this step as default paths work out-of-the-box.

3. Install dependencies and hate_crack

The easiest way is to run make (or make install), which auto-detects your OS and installs: - External dependencies (p7zip, transmission-daemon / transmission-remote) - Builds submodules (hashcat-utils, princeprocessor, and optionally omen) - Python dependencies via uv and a CLI shim at ~/.local/bin/hate_crack

make

This is idempotent - it skips tools already installed. To force a clean reinstall:

make reinstall

Or install dependencies manually:

External Dependencies

These are required for certain download/extraction flows:

  • 7z/7za (p7zip) — used to extract .7z archives.
  • transmission-daemon / transmission-remote — used to download Weakpass torrents.

Manual install commands:

Ubuntu/Kali:

sudo apt-get update
sudo apt-get install -y p7zip-full transmission-daemon

macOS (Homebrew):

brew install p7zip transmission-cli  # provides transmission-daemon and transmission-remote

Then install the Python dependencies and CLI shim:

uv sync
mkdir -p ~/.local/bin
printf '#!/usr/bin/env bash\nset -euo pipefail\nexec uv run --directory %s python -m hate_crack "$@"\n' "$(pwd)" > ~/.local/bin/hate_crack
chmod +x ~/.local/bin/hate_crack

Project Structure

Core logic is now split into modules under hate_crack/:

  • hate_crack/cli.py: argparse helpers and config overrides.
  • hate_crack/api.py: Hashview, Weakpass, and Hashmob integrations (downloads/menus/helpers).
  • hate_crack/attacks.py: menu attack handlers.
  • hate_crack/hashmob_wordlist.py: Hashmob wordlist utilities (thin wrapper; calls into api.py).
  • hate_crack/main.py: main CLI implementation.

The top-level hate_crack.py remains the main entry point and orchestrates these modules.


References and Thanks

This project depends on and is inspired by a number of external projects and services. Thanks to:

  • Hashview (http://github.com/hashview/)
  • Weakpass (https://weakpass.com)
  • Hashmob (https://hashmob.net)

Usage

After installing with make, run hate_crack from anywhere:

hate_crack
# or with arguments:
hate_crack <hash_file> <hash_type> [options]

Alternatively, run via uv:

uv run hate_crack.py <hash_file> <hash_type>

Run as a tool (recommended)

Install using make from the repository root - this builds submodules and bundles assets:

cd /path/to/hate_crack
make
hate_crack

The make install command creates a bash shim at ~/.local/bin/hate_crack that runs from the repo directory, so config and assets are always found regardless of your current working directory.

Config is also searched in: - Current working directory and parent directory - The repo root and package directory - ~/hate_crack, ~/hate-crack, or ~/.hate_crack

Note: The hcatPath in config.json is for the hashcat binary location only (optional if hashcat is in PATH). Hate_crack assets (hashcat-utils, princeprocessor, omen) are loaded from the repository directory and bundled automatically by make install.

Run as a script

The script uses a uv shebang. Make it executable and run:

chmod +x hate_crack.py
./hate_crack.py

You can also use Python directly:

python hate_crack.py

Troubleshooting

Error: Build directory does not exist

If you see an error like:

Error: Build directory /opt/hashcat/hashcat-utils does not exist.
Expected to find expander at /opt/hashcat/hashcat-utils/bin/expander.

This means the hate_crack assets were not bundled into the installed package.

Understanding the paths: - hcatPath in config.json → points to hashcat binary location (optional, can be in PATH) - hashcat-utils/ and princeprocessor/ → bundled into the package by make install

Solution: Reinstall using the Makefile, which builds submodules and installs the tool:

cd /path/to/hate_crack  # the repository checkout
make install

Default configuration (config.json.example):

Most users can use defaults without customization: - hcatWordlists: ./wordlists (relative to repo root or HOME/.hate_crack) - hcatOptimizedWordlists: ./optimized_wordlists (directory used by Quick Crack; falls back to hcatWordlists if not found) - rules_directory: ./hashcat/rules (includes submodule rules) - hcatTuning: `` (empty string - no default tuning flags)

Example config.json customizations:

{
  "hcatPath": "/usr/local/bin",          # Location of hashcat binary (optional, auto-detected from PATH)
  "hcatBin": "hashcat",                  # Hashcat binary name
  "hcatWordlists": "./wordlists",        # Dictionary wordlist directory (relative or absolute)
  "rules_directory": "./hashcat/rules",  # Rules directory (relative or absolute)
  "hcatTuning": "",                      # Additional hashcat flags (empty by default)
  ...
}

Configuration loading: - Missing config keys are automatically backfilled from config.json.example on startup - Config is searched in multiple locations: repo root, current working directory, ~/.hate_crack, /opt/hate_crack

Error: merge with ref 'refs/heads/master' but no such ref was fetched

If you see:

Your configuration specifies to merge with the ref 'refs/heads/master'
from the remote, but no such ref was fetched.

The default branch was renamed from master to main. Fix with:

git remote set-head origin -a
git branch -m master main
git branch --set-upstream-to=origin/main main
git pull

Makefile Targets

Default (full installation) - builds submodules, installs dependencies, and installs the tool:

make
# or explicitly:
make install

This is idempotent - it skips tools already installed.

Force clean reinstall:

make reinstall

Quick update - rebuilds submodules and reinstalls tool (after pulling changes):

make update

Uninstall - removes OS dependencies and tool:

make uninstall

Build hashcat-utils only:

make hashcat-utils

Run tests - automatically handles HATE_CRACK_SKIP_INIT when needed:

make test

Coverage report:

make coverage

Clean build/test artifacts:

make clean

Development

Setting Up the Development Environment

Install the project with optional dev dependencies (includes linters and testing tools):

make dev-install

Running Linters and Type Checks

Before pushing changes, run these checks locally. Use make lint for everything, or run individual checks:

Ruff (linting and formatting):

make ruff
# or manually:
uv run ruff check hate_crack

Auto-fix issues:

uv run ruff format hate_crack
uv run ruff check --fix hate_crack

ty (type checking):

make ty
# or manually:
uv run ty check hate_crack

Run all checks together:

make lint

Running Tests

Tests auto-detect when submodules are not built and set HATE_CRACK_SKIP_INIT=1 automatically.

make test

Or run pytest directly:

uv run pytest -v

With coverage:

make coverage

Or with pytest:

uv run pytest --cov=hate_crack

Git Hooks (prek)

Git hooks are managed by prek (v0.3.3+). Install hooks with:

prek install --hook-type pre-push --hook-type post-commit

This installs hooks defined in prek.toml using the pre-commit local-repo TOML schema: - pre-push: ruff, ty, pytest, pytest-lima - post-commit: audit-docs

Note: prek 0.3.3 expects repos = [...] at the top level. The old [hooks.<stage>] commands = [...] format is not supported.

Arrow-Key Menu Navigation

Arrow-key menu navigation is enabled by default via the simple-term-menu dependency. When running in a terminal (TTY), menus render with arrow-key navigation and number-key shortcuts.

To force the classic numbered print() + input() menu, set HATE_CRACK_PLAIN_MENU=1.

Dev Dependencies

The optional [dev] group includes: - ty - Static type checker - ruff - Fast Python linter and formatter - pytest - Testing framework - pytest-cov - Coverage reporting


Common options: - --download-hashview: Download hashes from Hashview before cracking. - --hashview: Interactive Hashview menu for managing hashes, wordlists, and jobs. - --hashview --help: Show Hashview command-line options. - --weakpass: Download wordlists from Weakpass. - --hashmob: Download wordlists from Hashmob.net. - --download-torrent <FILENAME>: Download a specific Weakpass torrent file. - --download-all-torrents: Download all available Weakpass torrents from cache. - --wordlists-dir <PATH> / --optimized-wordlists-dir <PATH>: Override wordlist directories. - --pipal-path <PATH>: Override pipal path. - --maxruntime <SECONDS>: Override max runtime. - --bandrel-basewords <PATH>: Override bandrel basewords file. - --debug: Enable debug logging (writes to stderr).

Hashview Integration

hate_crack integrates with Hashview for centralized hash management and distributed cracking.

Interactive Menu

Access the interactive Hashview menu:

hate_crack.py --hashview

Menu options: - (1) Upload Cracked Hashes - Upload cracked results from current session to Hashview - (2) Upload Wordlist - Upload a wordlist file to Hashview - (3) Download Wordlist - Download a wordlist from Hashview - (4) Download Left Hashes - Download remaining uncracked hashes (prompts to switch for cracking) - (5) Download Found Hashes - Download already-cracked hashes with cleartext passwords (for reference/analysis) - (6) Upload Hashfile and Create Job - Upload new hashfile and create a cracking job - (99) Back to Main Menu - Return to main menu

Important: Download Found vs Download Left - Download Left Hashes (4): Downloads uncracked hashes that need cracking. Automatically merges with any found hashes if available, and prompts to switch to this hashfile for cracking. - Download Found Hashes (5): Downloads already-cracked hashes in hash:cleartext format. These are for reference and cannot be cracked further. No switch prompt is shown.

Command-Line Interface

Hashview operations can also be performed via command-line:

Upload cracked hashes:

hate_crack.py --hashview upload-cracked --file <output_file>.out --hash-type 1000

Upload a wordlist:

hate_crack.py --hashview upload-wordlist --file <wordlist>.txt --name "My Wordlist"

Download left hashes (uncracked hashes for cracking):

hate_crack.py --hashview download-left --customer-id 1 --hashfile-id 123

Download found hashes (already-cracked hashes with cleartext):

hate_crack.py --hashview download-found --customer-id 1 --hashfile-id 123

Upload hashfile and create job:

hate_crack.py --hashview upload-hashfile-job --file hashes.txt --customer-id 1 \
  --hash-type 1000 --job-name "NTLM Crack Job" --hashfile-name "Domain Hashes"

Configuration

Set Hashview credentials in config.json:

{
  "hashview_url": "https://hashview.example.com",
  "hashview_api_key": "your-api-key-here"
}

Ollama Configuration

The LLM Attack (option 15) uses Ollama to generate password candidates. Configure the model and context window in config.json:

{
  "ollamaModel": "mistral",
  "ollamaNumCtx": 2048
}
  • ollamaModel — The Ollama model to use for candidate generation (default: mistral).
  • ollamaNumCtx — Context window size for the model (default: 2048).
  • The Ollama URL defaults to http://localhost:11434. Ensure Ollama is running before using the LLM Attack.

Notifications (menu option 82)

hate_crack can send Pushover push notifications when attacks complete and, optionally, when individual hashes are cracked. All controls live under main-menu option 82 — Notifications:

  1. Toggle Pushover Notifications [ON/OFF] — master switch. Persists to config.json as notify_enabled.
  2. Toggle Per-Crack Notifications [ON/OFF] — when ON, a background tailer watches the .out file and pushes a notification per crack (with per-tick burst aggregation). Persists

Core symbols most depended-on inside this repo

run
called by 62
hate_crack/notify/tailer.py
_append_potfile_arg
called by 34
hate_crack/main.py
_run_hcat_cmd
called by 34
hate_crack/main.py
generate_session_id
called by 33
hate_crack/main.py
_attack_ctx
called by 30
hate_crack/main.py
remove
called by 29
hate_crack/api.py
_should_use_optimized_kernel
called by 27
hate_crack/main.py
_insert_optimized_flag
called by 27
hate_crack/main.py

Shape

Method 900
Function 506
Class 195
Route 17

Languages

Python100%

Modules by API surface

hate_crack/main.py138 symbols
tests/test_api_downloads.py88 symbols
hate_crack/api.py82 symbols
tests/test_main_utils.py66 symbols
tests/test_pull_ollama_model.py61 symbols
tests/test_wordlist_tools.py60 symbols
tests/test_ntlm_preprocessing.py53 symbols
hate_crack/attacks.py49 symbols
tests/test_hashcat_wrappers.py48 symbols
tests/test_username_detect.py47 symbols
tests/test_omen_attack.py41 symbols
tests/test_hashview.py39 symbols

Dependencies from manifests, versioned

beautifulsoup44.12.0 · 1×
click8.0.0 · 1×
openpyxl3.0.0 · 1×
packaging21.0 · 1×
requests2.31.0 · 1×
simple-term-menu1.6.6 · 1×

For agents

$ claude mcp add hate_crack \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact