Trustwave has released a new offensive password cracking manager called “CrackQ”, developed for pentesters. The tool can be used during red teaming and pentesting engagements.
Password cracking is the process of matching candidate plain-text passwords against a cryptographic hash of the password.
Hashcat is known as a high-speed password cracking tool that uses the power of GPUs (Graphics Processing Units) to perform the password cracking process.
CrackQ includes the following features:
- Hashcat Brain integration – CrackQ will engage the Hashcat Brain automatically when it is efficient to do so
- Automated re-queuing on job failure
- Easily deployable Docker images can also be used for cloud integration
- LDAP & SAML2 support with MFA
- CLI Python client or JS GUI
- Built-in password analysis/reports
- Job/Queue graphing & statistics
- Move/prioritize jobs
- REST API
- Multi-user support
- Mask files support
- Pre-configured Markov stats
CrackQ uses Hashcat Brain to prevent the same password guess from being retried repeatedly, and its high-speed password cracking algorithm helps CrackQ deliver quick results.
CrackQ Vs Other Tools
CrackQ drives Hashcat directly through the libhashcat library rather than through shell commands.
To access the library from Python, CrackQ uses the under-appreciated PyHashcat C bindings.
CrackQ is unique in that it is the only tool that uses SAML2 authentication, allowing you to offload credential management to an identity provider (Active Directory, Azure, etc.) and to use Multi-Factor Authentication.
Daniel Turner from Trustwave said via a blog post that he has included an OpenLDAP Docker container within the 4 Docker containers provided as part of the application.
“There are attributes that CrackQ has that other tools don’t, and the converse is also true. For example, it currently is not able to work as a distributed system, rather it’s a client-server setup.”
Trustwave is also planning to add various new features in upcoming releases. Even though the tool is at a very early stage of development, it contains a password analysis reporting feature.
CrackQ generates a password analysis report at a single click once it completes password cracking. The report includes timings and speed and, crucially, insecure password choices and patterns within an organization.
“CrackQ is in its initial (alpha) release. Some of the best features are yet to come, but it’s at a point where I can release it to help improve password cracking efficiency for security teams and hopefully receive further support from the community to help grow the current feature set.” Daniel Turner said.
You can download the offensive password cracking tool from GitHub.