At Black Hat Europe in London, Trustwave has announced the release of CrackQ (alpha version), available from GitHub.
Hashcat is a password cracking tool which utilizes the power of GPUs (Graphical Processing Units) for high-speed password cracking. In simple terms, password cracking is the process of matching a plain-text password to a cryptographic hash of that password. This is done by guessing the password, but at an incredibly fast rate. We’re talking hundreds of billions of guesses per second in many cases.
CrackQ interfaces with Hashcat directly via the libhashcat library rather than using shell commands for execution. It uses the under-appreciated PyHashcat C bindings for this, which allows access to the library from Python. Aside from this, it’s the only tool that uses SAML2 authentication, allowing you to offload credential management to an identity provider (Active Directory, Azure, etc.) and also to use Multi-Factor Authentication.
The alternative option is LDAP authentication, which can be used with your own LDAP service, or for demo purposes, they have included an OpenLDAP docker container within the 4 docker containers provided as part of the application.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.