Trustwave released a new offensive password Cracking Manager called “CrackQ” developed for pentesters and the tool can be used during red teaming and pentesting engagements.
Password cracking is a process of comparing and matching the plain-text password to a cryptographic hash of that password.
Hashcat is known as a high-speed password cracking tool which utilizes the power of GPUs (Graphical Processing Units) to perform the password cracking process.
There are so many following lists of features added with CrackQ:
CrackQ Password cracking tool using Hashcat Brain to prevents retrying the same password guess repeatedly and its high-speed password cracking algorithm effective for CrackQ to deliver the quick result.
CrackQ directly utilizes the Hashcat interface using libhashcat library for execution rather than Shell commands.
In order to access the library from Python, CrackQ using under-appreciated PyHashcat C bindings.
CrackQ is very unique and it is the only Tool that uses SAML2 authentication, allowing you to offload credential management to an identity provider (Active Directory, Azure, etc.) and also to use Multi-Factor Authentication.
“Daniel Turner from Trusedwave said that he has included an OpenLDAP docker container within the 4 docker containers provided as part of the application,” said via a blog post.
“There are attributes that CrackQ has that other tools don’t, and the converse is also true. For example, it currently is not able to work as a distributed system, rather it’s a client-server setup.”
Trustwave also planning to ad various new futures in upcoming releases. even though the tool is in every earlier stage of development, it contains a password analysis reporting feature.
CrackQ generates a password analysis report at a single click once it completes the password cracking report. The report includes timings and speed, but crucially insecure password choices and patterns within an organization.
“CrackQ is in its initial (alpha) release. Some of the best features are yet to come, but it’s at a point where I can release it to help improve password cracking efficiency for security teams and hopefully receive further support from the community to help grow the current feature set.” Daniel Turner said.
You can download the Offensive password Cracking Tool from GitHub.
Attackers are exploiting the recently discovered critical security vulnerability tracked as (CVE-2023-46604) affecting Apache ActiveMQ…
Media reports highlight the sale of LLMs like WormGPT and FraudGPT on underground forums. Fears…
An open-source security scanner, developed by Git Hub user Adam Swanda, was released to explore…
One of Slovenia's major power providers, HSE, has recently fallen victim to a significant cyberattack.…
In the labyrinthine landscape of cyber threats, the Trend Micro Managed XDR team has uncovered…
BOSTON, MASS. and TEL AVIV, ISRAEL, November 28, 2023 - A severe design flaw in…