Skip to content

AdrianVollmer/Crack-O-Matic

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits
crackomatic
crackomatic
 
 
doc
doc
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
MANIFEST.in
MANIFEST.in
 
 
README.md
README.md
 
 
crackomatic.py
crackomatic.py
 
 
pytest.ini
pytest.ini
 
 
setup.py
setup.py
 
 

Repository files navigation

Crack-O-Matic

Find and notify users in your Active Directory with weak passwords.

Features:

  • Linux-based
  • Flask-based web app
  • Hashcat or John cracker
  • Automated e-mails
  • Graphical reports
  • Privacy preserving

Read the docs for more information.

Screenshots

Report 1

Report 2

Tests

If you're a developer and want to run the tests, you need to edit tests/.env and define the following variables according to your environment:

# path to `john` binary
JOHN_PATH=/opt/john/run/john
# path to `hashcat` binary
HASHCAT_PATH=/usr/bin/hashcat
# FQDN of a test domain
DOMAIN=crack.local
# name of one of its domain admins
DOMAINUSER=Administrator
# domain admin password
DOMAINPASS=
# FQDN of a domain controller in the test domain
HOST=localdc.crack.local

If you don't have a test domain, you can use the docker-compose file in tests/docker to run a Samba DC (docker-compose run --service-ports dc). Inside the file you will find the values you need. You should also create an entry for the FQDN in your /etc/hosts.

License and Copyright

MIT, Copyright 2021 Adrian Vollmer

See LICENSE for the full license text.

About

Find and notify users in your Active Directory with weak passwords

Topics

flask active-directory john-the-ripper hashcat blueteam cracking-hashes

Resources

Readme

License

MIT license
Activity

Stars

101 stars

Watchers

6 watching

Forks

3 forks
Report repository

Releases

3 tags

Languages