SmartCrack is a modular, intelligent password cracking framework that automates detection, extraction, identification, and orchestration across Hashcat and John the Ripper. It evolved from a PDF-only cracker into a comprehensive security testing tool.
β οΈ Authorized-use only: Run this tool only on systems/files you own or are explicitly permitted to audit. Unauthorized access to computer systems is illegal.
# Clone and setup
git clone https://github.com/Hunter-Sploit/Smart-Crack.git
cd Smart-Crack
python -m venv .venv
source .venv/bin/activate # On Windows: .venv\Scripts\activate
pip install -r requirements.txt
# Configure default wordlist
python -m smartcrack config --wordlist /path/to/wordlist.txt
# Test with sample files
python -m smartcrack identify '$2b$12$Yzk7dXbKj.0.EKjEpqgvN.8EhY2x3QUBgLhK5E1V0sJl1p7qFRx3u'
python -m smartcrack crack example_hashes.txt --wordlist wordlist_sample.txt-
π Smart Input Detection: Automatically detects input type via magic bytes and heuristics
- Encrypted archives (PDF, ZIP, RAR, 7z)
- Hash dumps (MD5, SHA1, SHA256, bcrypt, NTLM, etc.)
- Raw plaintext hashes or files
-
π― Automatic Extractor Routing: Routes to appropriate extractors
pdf2john,zip2john,rar2john,7z2john(when available)- Extracts hashes from protected archives automatically
-
π Hash Identification: Identifies hash types with confidence scoring
- Displays hashcat mode and john format hints
- Supports multiple hash types simultaneously
-
βοΈ Intelligent Backend Planner: Selects optimal cracking engine
- Prefers Hashcat for GPU-accelerated modes
- Falls back to John the Ripper when appropriate
-
π Configuration Management: Persistent wordlist and preference storage
~/.smartcrack/config.jsonfor user preferences- Centralized wordlist management
-
π Session Logging: Complete audit trail and resume capability
~/.smartcrack/sessions/*.jsonfor forensics and history- Resume interrupted cracks
-
π‘οΈ Safe Subprocess Handling: No shell injection vulnerabilities
- Argument list-based execution
- Secure subprocess communication
-
ποΈ Single CLI Entrypoint: Easy-to-use unified interface
- Typer + Rich for beautiful, responsive CLI
| Hash Type | Mode | Example |
|---|---|---|
| MD5 | 0 | 5f4dcc3b5aa765d61d8327deb882cf99 |
| SHA1 | 100 | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 |
| SHA256 | 1400 | 5e884898da28047151d0e56f8dc62927845f5c520a550de58b9c47af9ad8e217 |
| bcrypt | 3200 | $2b$12$Yzk7dXbKj.0.EKjEpqgvN.8EhY2x3QUBgLhK5E1V0sJl1p7qFRx3u |
| NTLMv2 | 5600 | admin::domain:... |
| Kerberos | 13100 | $krb5... |
- Python 3.9+
hashcat(optional, for GPU acceleration)john+ extractors likepdf2john,zip2john(optional, for archive extraction)
# 1. Clone the repository
git clone https://github.com/Hunter-Sploit/Smart-Crack.git
cd Smart-Crack
# 2. Create and activate virtual environment
python -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
# 3. Install Python dependencies
pip install -r requirements.txt
# 4. Install system dependencies (Ubuntu/Debian)
sudo apt-get install hashcat john
sudo apt-get install john-data # Optional: adds more john modules
# 5. Configure default wordlist
python -m smartcrack config --wordlist /path/to/wordlist.txt# Single hash
python -m smartcrack identify '$2b$12$Yzk7dXbKj.0.EKjEpqgvN.8EhY2x3QUBgLhK5E1V0sJl1p7qFRx3u'
# Multiple hashes from file
python -m smartcrack identify hashes.txt
# Show detailed info
python -m smartcrack identify example_hashes.txt --verbose# Set default wordlist
python -m smartcrack config --wordlist /path/to/rockyou.txt
# View current config
python -m smartcrack config --show# PDF archive (auto-extracts hashes)
python -m smartcrack crack secret.pdf
# ZIP archive
python -m smartcrack crack archive.zip --wordlist /path/to/custom_wordlist.txt
# Hash file with John backend
python -m smartcrack crack dump.hash --backend john
# Raw hash string
python -m smartcrack crack '$1c8bfe8f801d79745c4631d09fff36c82' --wordlist wordlist.txt
# With custom wordlist
python -m smartcrack crack hashes.txt --wordlist wordlist_sample.txt# Use Hashcat mask attack (brute-force pattern)
python -m smartcrack crack dump.hash --mask '?a?a?a?a?a?a'
# Force specific backend
python -m smartcrack crack hashes.txt --backend hashcat
# Specify Hashcat mode manually
python -m smartcrack crack hashes.txt --hashcat-mode 0
# Use rules file (John)
python -m smartcrack crack dump.hash --rules /path/to/rules.txtsmartcrack/
βββ cli.py # Typer + Rich CLI interface
βββ models.py # Shared dataclasses
βββ __main__.py # Entry point
βββ __init__.py
βββ config/
β βββ store.py # Configuration persistence
βββ crackers/
β βββ planner.py # Backend selection logic
βββ detectors/
β βββ input_detector.py # Input type detection
βββ extractors/
β βββ john_extractors.py # Hash extraction from archives
βββ identifiers/
β βββ hash_identifier.py # Hash type identification
βββ sessions/
β βββ store.py # Session logging & resume
βββ utils/
βββ subprocess_safe.py # Secure subprocess handling
User Input β Detector β Extractor β Identifier β Planner β Cracker β Results
- Detector: Identifies input type (file, hash, archive)
- Extractor: Extracts hashes from archives if needed
- Identifier: Determines hash algorithm and parameters
- Planner: Selects optimal cracking backend (Hashcat/John)
- Cracker: Executes cracking with wordlist/mask
- Logger: Records session for audit/resume
# Test hash identification
python -m smartcrack identify example_hashes.txt
# Test cracking with sample wordlist
python -m smartcrack crack example_hashes.txt --wordlist wordlist_sample.txt
# Test single hash
python -m smartcrack identify 5f4dcc3b5aa765d61d8327deb882cf99example_hashes.txt- Sample hashes in various formats (MD5, SHA1, SHA256, bcrypt)wordlist_sample.txt- 50 common passwords for testing
Configuration is stored at ~/.smartcrack/config.json:
{
"default_wordlist": "/path/to/rockyou.txt",
"preferred_backend": "hashcat",
"timeout_seconds": 3600,
"session_dir": "~/.smartcrack/sessions"
}# Set wordlist
python -m smartcrack config --wordlist /path/to/wordlist.txt
# Show current config
python -m smartcrack config --show
# Reset to defaults
python -m smartcrack config --reset| Issue | Solution |
|---|---|
hashcat: command not found |
Install hashcat: sudo apt-get install hashcat |
pdf2john: command not found |
Install John: sudo apt-get install john |
| Hash not identified | Ensure hash format is correct; check identify --verbose |
| Crack runs but finds nothing | Try larger wordlist (e.g., rockyou.txt) or different mask |
| Permission denied on config | Ensure ~/.smartcrack/ directory exists: mkdir -p ~/.smartcrack |
- Extractor coverage is basic but easily extensible
- Hash identification engine is pattern-based (could use ML)
- No distributed cracking (intentional for v1)
- Limited rule/mask documentation
Contributions welcome! Areas for improvement:
- New Extractors: Add support for more archive formats
- Hash Types: Extend identifier with new pattern matchers
- Performance: Optimize backend selection logic
- Documentation: Expand examples and guides
- Tests: Add unit and integration tests
MIT License - See LICENSE file for details
This tool is for authorized security testing and educational purposes only. Unauthorized access to computer systems is illegal. Users are responsible for:
- Obtaining proper authorization before testing
- Complying with all applicable laws and regulations
- Using this tool ethically and responsibly
- Respecting privacy and security
The developers assume no liability for misuse or damage caused by this tool.
For issues, questions, or suggestions:
- Open a GitHub Issue
- Check existing issues for similar problems
- Provide detailed error messages and reproduction steps
Happy Cracking! π (with proper authorization, of course)