Awesome Open Source
Awesome Open Source



A user-friendly Web interface to share an hashcat cracking box among multiple users with some pre-defined options.


  • The homepage The homepage
  • Adding an hash to crack Adding an hash to crack
  • Seeing the results and some stats Seeing the results and some stats


  • This Web application can be used to launch asynchronous password cracks with hashcat.
  • The interface tries to be as user-friendly as possible and facilitates the password cracking method choice and to automate the succession of various attack modes.
  • It also displays statistics regarding the cracked passwords and allows to export the cracked password list in CSV.
  • The application is designed to be used in a multi-user environment with a strict segregation between the cracking results of different users: the user authentication can be done through an LDAP directory or basic auth.


Wavecrack can be used to do the following:

  • Add new password hashes, choose the attack mode and the crack duration
  • View the past and current cracks for your user with statistics and graphs
  • View the overall load of the platform
  • Upload a password-protected file and extract its hash

The attack modes are followed in the order they are displayed on the hash submit form.
It is also possible to stop a crack. However, every cancelation is final.
A limit to the amount of concurrent cracks can be defined in the settings in order not to reduce the current cracks performance.


  • hashcat: follow these instructions for CPU only usage on a Kali linux host
  • flask (>=0.10.1)
  • celery (>=3.1.18)
  • SQLite (>=
  • rabbitmq-server (>= 3.4.3)
  • Rules for hashcat (examples)
  • Wordlists (examples)


  • Install the RabbitMQ server and python-ldap requirements
$ apt-get install libsasl2-dev libldap2-dev libssl-dev rabbitmq-server
$ pip install -r requirements.txt
  • Create a cracker/ configuration file from the cracker/ file and notably edit the Mandatory settings section:

    • The path of hashcat
    • The RabbitMQ connection string: by default, the guest/guest account is used. Be sure to harden your installation
    • The path of the SQLite database
    • The path of the hashcat rules
    • The path of the wordlists
    • The LDAP parameters:
      • IP address
      • port
      • LDAP database for the users
      • Base DN
  • Initialize the local database linked in the cracker/ configuration file

$ sqlite3 base.db < base_schema.sql
  • Start the RabbitMQ server
$ sudo service rabbitmq-server start
  • Start Celery from the application folder
$ celery worker -A cracker.celery

Finally, if you don't want to setup your own VM, you can use the Docker-based process described in the docker folder.

Copyright and license

All product names, logos, and brands are property of their respective owners.
All resources published in wavecrack are free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. See the GNU General Public License for more details.


  • Cyprien Oger < cyprien.oger at wavestone d0t com >
  • CERT-W < cert at wavestone d0t com >

Alternative Project Comparisons
Related Awesome Lists
Top Programming Languages

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Python (865,958
Password (20,372
Hash (11,286
Rabbitmq (6,344
Ldap (3,630
Pentest (3,388
Celery (2,577
Cracking (1,425
Crack (1,117
Hashcat (320