Skip to content


Repository files navigation


After two years and six months, a new stable release is finally here! See the Changelog for details.

The installation has never been easier: Fitcrack is now available as a pre-built Docker image on Docker Hub. See Docker install README for details.

Fitcrack (Distributed password cracking system)

Fitcrack is a BOINC-based hashcat-powered distributed password cracking system. It recovers passwords that protect various encrypted media like documents, archives, or disk volumes, breaks various application passwords, as well as raw or salted cryptographic hashes. You can use our system to crack more than 350 different algorithms supported by hashcat. Fitcrack allows you to distribute your tasks over dozens of different GPU-equipped computing nodes with Linux, Windows OS or macOS. For controlling your cracking network and management of jobs, you can use our friendly WebAdmin interface, or communicate directly with our REST API.

A detailed documentation and other information can be found at

Any issue or feature request? Join Fitcrack community on Discord.

Table of Contents

Clone Fitcrack repository with submodules

Run git clone --recursive


Since Fitcrack 2.4.0, Docker is the recommended method for deployment. Everything is shipped in a single container. It also has a native support for SSL/TLS which is now super-easy to configure. Nevertheless, you can still use the installer or manual install if you want.

See instructions the desired type of deployment:

Operating the server


The default login credentials to the WebAdmin are:

  • login: fitcrack
  • password: FITCRACK

In the Docker-based version, those defaults can be changed by modifying the WEBADMIN_LOGIN and WEBADMIN_PW variables in your .env file.

To learn how to use WebAdmin, check our Fitcrack WebAdmin user guide.

Server daemons

Fitcrack provides an init script can automatically starts all the server daemons, and can be also used for stopping or restarting them. In the Docker-based version, the script is automatically set up inside the Fitcrack server container. With installer-based deployement, you will be asked whether you wish to add Fitcrack as a system service.

To control the server daemons, inside your Docker container (or on the machine where you installed Fitcrack), type:

service fitcrack [start|stop|status|restart]

For non-Docker systemd-based deployments, you can also use:

systemctl [start|stop|status|restart] fitcrack

It is also possible to operate the server daemons manually by logging as the BOINC user (e.g. boincadm), descending into the project directory (e.g. /home/boincadm/project/fitcrack) and running one of the following:

  • ./bin/start
  • ./bin/stop
  • ./bin/status
  • ./bin/restart

Advanced: Host specific configuration

Sometimes you need to configure specific behavior for individual hosts. Fitcrack allows you to define additional host-specific hashcat arguments. This gives you options to select what GPUs to use for cracking, configure the workload profile for fine-tuning of the performance, etc. Simply create a file /etc/fitcrack.conf (Linux/macOS hosts) or C:\ProgramData\BOINC\fitcrack.conf (Windows hosts). If the file exists and is readable for the BOINC client user, the Runner subsystem will append the contents to hashcat's arguments.


$ echo '-w 4 -d 1,2 --force' > /etc/fitcrack.conf

Hashcat will use OpenCL devices 1 and 2. The workload profile will be set to level 4 (Nightmare). The cracking session will be forced and all warnings ignored.


For debugging Docker-based Fitcrack deployments, see this page. For deployments with Installer (or manual installations), see this page.


Visit CHANGELOG to see changes between different versions of Fitcrack