CrackQ – New Offensive Password Cracking Tool For Penetration Testers

Trustwave has released a new offensive password cracking manager called “CrackQ”, developed for pentesters and intended for use during red teaming and pentesting engagements.

Password cracking is the process of matching a plain-text password to a cryptographic hash of that password: candidate passwords are hashed and the results are compared with the target hash.

CrackQ provides an intuitive interface for Hashcat, served by a REST API with a JavaScript-based web application as the frontend.

Hashcat is known as a high-speed password cracking tool that uses the power of GPUs (Graphics Processing Units) to perform the password cracking process.

CrackQ includes the following features:

  • Hashcat Brain integration – CrackQ will engage the Hashcat Brain automatically when it is efficient to do so
  • Automated re-queuing on job failure
  • Easily deployable Docker images can also be used for cloud integration
  • LDAP & SAML2 support with MFA
  • CLI Python client or JS GUI
  • Built-in password analysis/reports
  • Job/Queue graphing & statistics
  • Move/prioritize jobs
  • REST API
  • Multi-user support
  • Mask files support
  • Pre-configured Markov stats

CrackQ uses the Hashcat Brain to prevent the same password guess from being retried repeatedly, and Hashcat's high-speed cracking lets CrackQ deliver results quickly.

CrackQ Vs Other Tools

CrackQ drives Hashcat directly through the libhashcat library rather than through shell commands.

To access the library from Python, CrackQ uses the under-appreciated PyHashcat C bindings.

CrackQ is unique in that it is the only tool that uses SAML2 authentication, allowing you to offload credential management to an identity provider (Active Directory, Azure, etc.) and also to use Multi-Factor Authentication.

Daniel Turner from Trustwave said via a blog post that he has included an OpenLDAP Docker container within the 4 Docker containers provided as part of the application.

“There are attributes that CrackQ has that other tools don’t, and the converse is also true. For example, it currently is not able to work as a distributed system, rather it’s a client-server setup.”

Trustwave is also planning to add various new features in upcoming releases. Even though the tool is at a very early stage of development, it already contains a password analysis reporting feature.

CrackQ generates a password analysis report with a single click once the password cracking is complete. The report includes timings and speed but, crucially, also insecure password choices and patterns within an organization.

“CrackQ is in its initial (alpha) release. Some of the best features are yet to come, but it’s at a point where I can release it to help improve password cracking efficiency for security teams and hopefully receive further support from the community to help grow the current feature set.” Daniel Turner said.

You can download the offensive password cracking tool from GitHub.


Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
