A tool to crack some hashes through the Weakpass API.
Project description
weakpass-lookup
A Python script that queries the Weakpass API to attempt cracking various types of password hashes (NTLM, MD5, SHA1, SHA256). This tool is particularly helpful for cracking NTLM hashes obtained via DCSync in a Windows Domain environment, though it supports several other hash types as well.
Features
- Generic search: No need to specify the hash type (supports NTLM, MD5, SHA1, SHA256).
- Bulk processing: Reads hashes from a file and checks them concurrently using multiple worker threads.
- Single hash processing: Checks a single hash without needing a file.
- Verbose mode: Provides additional debug output to help with troubleshooting.
- Debug mode: Rich-formatted tracebacks and HTTP details for local/dev troubleshooting.
Installation
It is recommended to install weakpass-lookup using pipx (preferred) or pip.
Using pipx (Recommended)
pipx install weakpass-lookup
Make sure you have pipx installed and set up on your system.
Using pip
pip install weakpass-lookup
Usage
usage: weakpass-lookup [-h] (-f FILE | -H HASH) [-w WORKERS] [-v] [-d]
Searches hashes in the Weakpass API
optional arguments:
-h, --help show this help message and exit
-f FILE, --file FILE File with list of hashes (one per line)
-H HASH, --hash HASH Individual hash to search
-w WORKERS, --workers WORKERS
Number of threads to use (default: 10)
-v, --verbose Verbose mode to show more debugging details
-d, --debug Debug mode with tracebacks and HTTP details (use only in local/dev)
Examples
-
Crack a single hash:
weakpass-lookup --hash <HASH_VALUE>
-
Crack multiple hashes from a file (default 10 threads):
weakpass-lookup --file /path/to/hashes.txt --workers 10
-
Use verbose mode for debugging:
weakpass-lookup --file /path/to/hashes.txt --verbose
-
Detailed debug:
weakpass-lookup --hash <HASH_VALUE> --debug
Output
-
When processing a file:
<filename>_cracked.txt: Stores all cracked hashes in<hash>:<password>format.<filename>_uncracked.txt: Stores all remaining uncracked hashes.
-
When processing a single hash:
- Prints the result (cracked or uncracked) directly to the terminal.
Contributing
- Fork the project.
- Create a new feature branch (
git checkout -b feature/my-feature). - Commit your changes (
git commit -m 'Add some feature'). - Push to the branch (
git push origin feature/my-feature). - Open a Pull Request.
License
This project is licensed under the MIT License. Feel free to use, modify, and distribute it as per the terms of the license.
Happy cracking with weakpass-lookup!
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file weakpass_lookup-0.1.1.tar.gz.
File metadata
- Download URL: weakpass_lookup-0.1.1.tar.gz
- Upload date:
- Size: 6.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0b782fdb553a69cd428c6bf0ecb5ce31a3ac0f3cd0f2c43ddd519d0338065921
|
|
| MD5 |
6ba637aadeae033516a50aca984ed114
|
|
| BLAKE2b-256 |
4300cd33714023a5324833635ab8eab8e100735e7e4f61d73cbe663cd8aef7b2
|
Provenance
The following attestation bundles were made for weakpass_lookup-0.1.1.tar.gz:
Publisher:
main.yml on ADScanPro/weakpass-lookup
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
weakpass_lookup-0.1.1.tar.gz -
Subject digest:
0b782fdb553a69cd428c6bf0ecb5ce31a3ac0f3cd0f2c43ddd519d0338065921 - Sigstore transparency entry: 404421216
- Sigstore integration time:
-
Permalink:
ADScanPro/weakpass-lookup@7c9c5dc973ef0a5df98bf6144a27ccf26f962666 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/ADScanPro
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
main.yml@7c9c5dc973ef0a5df98bf6144a27ccf26f962666 -
Trigger Event:
push
-
Statement type:
File details
Details for the file weakpass_lookup-0.1.1-py3-none-any.whl.
File metadata
- Download URL: weakpass_lookup-0.1.1-py3-none-any.whl
- Upload date:
- Size: 6.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5a091c1b5cce37149c50387bb4556f71d10a1d13d5aa1c2cd259cf2d53d00e48
|
|
| MD5 |
614fa4b8e3171219ae4a702436fb1e9c
|
|
| BLAKE2b-256 |
214d8361f55fa5d3f714ce562599e3f514f19adcf229b318ad07b23e741ef6f0
|
Provenance
The following attestation bundles were made for weakpass_lookup-0.1.1-py3-none-any.whl:
Publisher:
main.yml on ADScanPro/weakpass-lookup
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
weakpass_lookup-0.1.1-py3-none-any.whl -
Subject digest:
5a091c1b5cce37149c50387bb4556f71d10a1d13d5aa1c2cd259cf2d53d00e48 - Sigstore transparency entry: 404421218
- Sigstore integration time:
-
Permalink:
ADScanPro/weakpass-lookup@7c9c5dc973ef0a5df98bf6144a27ccf26f962666 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/ADScanPro
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
main.yml@7c9c5dc973ef0a5df98bf6144a27ccf26f962666 -
Trigger Event:
push
-
Statement type:
