CrackQ – New Password Cracking Manager Released

At Black Hat Europe in London, Trustwave has announced the release of CrackQ (alpha version), available from GitHub.

Developed over the last year by Trustwave principal security consultant Dan Turner, CrackQ, he says, is “an intuitive interface for Hashcat served by a REST API and a JavaScript front-end web application for ease of use.”

Hashcat is a password cracking tool which utilizes the power of GPUs (Graphical Processing Units) for high-speed password cracking. In simple terms, password cracking is the process of matching a plain-text password to a cryptographic hash of that password. This is done by guessing the password, but at an incredibly fast rate. We’re talking hundreds of billions of guesses per second in many cases.

CrackQ interfaces with Hashcat directly via the libhashcat library rather than using shell commands for execution. It uses the under-appreciated PyHashcat C bindings for this, which allows access to the library from Python. Aside from this, it’s the only tool that uses SAML2 authentication, allowing you to offload credential management to an identity provider (Active Directory, Azure, etc.) and also to use Multi-Factor Authentication.

The alternative option is LDAP authentication, which can be used with your own LDAP service, or for demo purposes, they have included an OpenLDAP docker container within the 4 docker containers provided as part of the application. 

For further information on CrackQ click here, or to download the software click here.