Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers.

Overview

Hashtopolis

Hashtopolis

CodeFactor LoC Build Status Current Agent

Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers. The main goals for Hashtopolis's development are portability, robustness, multi-user support, and multiple groups management. The application has two parts:

  • Agent Python client, easily customizable to suit any need.
  • Server several PHP/CSS files operating on two endpoints: an Admin GUI and an Agent Connection Point

Aiming for high usability even on restricted networks, Hashtopolis communicates over HTTP(S) using a human-readable, hashing-specific dialect of JSON.

The server part runs on PHP using MySQL as the database back end. It is vital that your MySQL server is configured with performance in mind. Queries can be very expensive and proper configuration makes the difference between a few milliseconds of waiting and disastrous multi-second lags. The database schema heavily profits from indexing. Therefore, if you see a hint about pre-sorting your hashlist, please do so.

The web admin interface is the single point of access for all client agents. New agent deployments require a one-time password generated in the New Agent tab. This reduces the risk of leaking hashes or files to rogue or fake agents.

There are parts of the documentation and wiki which are not up-to-date. If you see anything wrong or have questions on understanding descriptions, feel free to contact us on Twitter (@s3inlc, @winxp5421), join our Discord server (https://discord.gg/S2NTxbz) or join our Forum (https://hashtopolis.org).

To report a bug, please create an issue and try to describe the problem as accurately as possible. This helps us to identify the bug and see if it is reproducible.

In an effort to make the Hashtopussy project conform to a more politically neutral name it was rebranded to "Hashtopolis" in March 2018.

Features

  • Easy and comfortable to use
  • Dark and light theme
  • Accessible from anywhere via web interface or user API
  • Server component highly compatible with common web hosting setups
  • Unattended agents
  • File management for word lists, rules, ...
  • Self-updating of both Hashtopolis and Hashcat
  • Cracking multiple hashlists of the same hash type as though they were a single hashlist
  • Running the same client on Windows, Linux and macOS
  • Files and hashes marked as "secret" are only distributed to agents marked as "trusted"
  • Many data import and export options
  • Rich statistics on hashes and running tasks
  • Visual representation of chunk distribution
  • Multi-user support
  • User permission levels
  • Various notification types
  • Small and/or CPU-only tasks
  • Group assignment for agents and users for fine-grained access-control
  • Compatible with crackers supporting certain flags
  • Report generation for executed attacks and agent status
  • Multiple file distribution variants

Setup and Usage

Please visit the wiki for more information on setup and upgrade.

Some screenshots of Hashtopolis (by winxp5421 and s3in!c): Imgur1 Imgur2

Contribution Guidelines

We are open to all kinds of contributions. If it's a bug fix or a new feature, feel free to create a pull request. Please consider some points:

  • Just include one feature or one bugfix in one pull request. In case you have two new features please also create two pull requests.
  • Try to stick with the code style used (especially in the PHP parts). IntelliJ/PHPStorm users can get a code style XML here.

The pull request will then be reviewed by at least one member and merged after approval. Don't be discouraged just because the first review is not approved, often these are just small changes.

Thanks

  • winxp5421 for testing, writing help texts and a lot of input ideas
  • blazer for working on the csharp agent and hops for working on the python agent
  • Cynosure Prime for testing
  • atom for hashcat
  • curlyboi for the original Hashtopus code
  • 7zip binaries are compiled from here
  • uftp binaries are compiled from here
Comments
  • Hashtype 13100 too long for column 'hash'

    Hashtype 13100 too long for column 'hash'

    Your current Server version located at the bottom of any hashtopussy webpage. 0.5.0 Alpha

    Current Client version 0.50.2

    Your current Hashcat version 4.0.1

    Issue Description

    Me again (sorry !). When trying to save a hash for type 13100, the length exceeds the column size in the MySQL database.

    Currently the hash column is set to varchar(1024), but the 13100 hash I have (and most if not all of them will be a length of similar size) is 2178 characters long. This is just a column size issue, but it won't allow me to edit it in MySQL. It might make sense to define the column as TEXT rather than VARCHAR ?

    [Wed Jan 31 11:23:40.184203 2018] [:error] [pid 30247] [client 10.35.3.86:36232] PHP Fatal error:  Uncaught PDOException: SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'hash' at row 1 in /var/www/html/dba/AbstractModelFactory.class.php:267\nStack trace:\n#0 /var/www/html/dba/AbstractModelFactory.class.php(267): PDOStatement->execute(Array)\n#1 /var/www/html/inc/handlers/HashlistHandler.class.php(322): DBA\\AbstractModelFactory->massSave(Array)\n#2 /var/www/html/inc/handlers/HashlistHandler.class.php(95): HashlistHandler->create()\n#3 /var/www/html/hashlists.php(36): HashlistHandler->handle('createHashlist')\n#4 {main}\n  thrown in /var/www/html/dba/AbstractModelFactory.class.php on line 267, referer: http://x.x.x.x/hashlists.php?new=true
    
    waiting on user feedback 
    opened by recrudesce 42
  • Large Chunk sizes are randomly issued.

    Large Chunk sizes are randomly issued.

    Hi,

    whats this loop? This agent was running normally, now it stopped and it was like this hashcat64.exe -b not error Loop: Getting chunk... Server requsted the client benchark this task for 30 seconds Getting chunk... Getting task Downloading hashlist for this task, please wait... Getting chunk... Server requsted the client benchark this task for 30 seconds Getting chunk... Getting task Downloading hashlist for this task, please wait... Getting chunk... Server requsted the client benchark this task for 30 seconds

    is necessary attach any screen?

    bug 
    opened by pccheck 41
  • Could not locate /home/fenix/hashtopussy/hashcat/1/hashcat-464.164.064.bin

    Could not locate /home/fenix/hashtopussy/hashcat/1/hashcat-464.164.064.bin

    did all by manual but got this message

    fenix@fenix-System-Product-Name:~/hashtopussy$ sudo mono ./hastopussy.exe Client Version 0.52.1 Connecting to server http://192.168.1.14/api/server.php System is Linux 64-bit Existing token found Sending server client information System is Linux 64-bit Logged in to server Checking for client updates You are using the latest client version Using new STATUS codes Getting task Server has assigned client with Task:4, Cracker:1 and Hashlist:2 Downloading hashlist for this task, please wait... Downloading from http://192.168.1.14/getHashlist.php?hashlists=2&token=SNOvg0MP13 Downloading 100% @ 6.89 MB/s Finished downloading file Client already exists, skipping download Getting chunk... Server has requested the client measure the keyspace for this task Could not locate /home/fenix/hashtopussy/hashcat/1/hashcat-464.164.064.bin Keyspace measuring was unsuccessful, check all files are present

    help me pls tired to get this problem solve

    opened by myhashs 38
  • WPA2 not working with 8-9 characters.

    WPA2 not working with 8-9 characters.

    Hashtopussy server: 0.4.3 Hashtopussy client: 0.46.2 Hashcat version: 4.0.1

    I'm having an issue with WPA2 cracking. When I run -a 3 #HL# ?l?l?l?l?l?l?l?l as the command for the task, assign an agent manually, the client is assigned, when I refresh the page, It is still showing as assigned. But when the agent that had the task assigned to it checks for tasks, It will be unassigned and the agent won't show any errors (I checked with hashtopussy.exe debug too).

    I can provide any info you need...

    opened by k8ieone 36
  • benchmark and assign

    benchmark and assign

    On any task if I choose speed benchmark, the task does not start, or when it starts, it gets very low H / s values. Runtime Benchmark, works better, however on some tasks I can not associate all the agents, see the details, I have 3 more agents and they do not recognize the task, even associating. thank you agent.pdf taskdetails.pdf

    opened by pccheck 25
  • Agent not passing Cracked Hashes to Server

    Agent not passing Cracked Hashes to Server

    Current Server version: 0.3.2. Current Client version: 0.43.13 The exact task command you are trying to run: #HL# 00.txt (if native hashcat: hashcat64 -m 2100 DCC2_hashes.txt -a 0 00.txt) Problem Description: Agent is cracking DCC2 hashes, but is not passing that information back to the server. Server still shows yellow bar, 0 hashes cracked, after job completes.

    Debug output from the client by running "hashtopussy.exe debug":

    Client Version 0.43.13 Checking for client updates {"action":"update","type":"csharp","version":"0.43.13"} {"action":"update","response":"SUCCESS","version":"OK"} You are using the latest client version System is Windows Existing token found {"action":"login","token":"ceLJOah9YB"} {"action":"login","response":"SUCCESS","timeout":"30"} Logged in to server {"action":"download","type":"hashcat","token":"ceLJOah9YB","force":0} Hashcat version v3.6.0 found Getting task {"action":"task","token":"ceLJOah9YB"} {"action":"task","response":"SUCCESS","task":27,"attackcmd":"#HL# 00.txt","cmdpars":" --hash-type=2100","hashlist":6,"bench":30,"statustimer":5,"files":["00.txt"],"benchType":"run","hashlistAlias":"#HL#"} Downloading hashlist for this task, please wait... {"action":"hashes","token":"ceLJOah9YB","hashlist":6} Getting chunk... {"action":"chunk","token":"ceLJOah9YB","taskId":27} {"action":"chunk","response":"SUCCESS","status":"keyspace_required"} Server has requested the client to measure the keyspace for this task {"action":"keyspace","token":"ceLJOah9YB","taskId":27,"keyspace":733976} Getting chunk... {"action":"chunk","token":"ceLJOah9YB","taskId":27} {"action":"chunk","response":"SUCCESS","status":"benchmark"} Server requsted the client benchark this task for 30 seconds {"action":"bench","token":"ceLJOah9YB","taskId":27,"type":"run","result":"1"} {"action":"bench","response":"SUCCESS","benchmark":"OK"} Getting chunk... {"action":"chunk","token":"ceLJOah9YB","taskId":27} {"action":"chunk","response":"SUCCESS","status":"OK","chunk":20,"skip":0,"length":733976} C:\Users\Admin\Desktop\MRAP-Agent\hashcat\hashcat64.exe --hash-type=2100 "C:\Users\Admin\Desktop\MRAP-Agent\hashlists\6" 00.txt --outfile-check-dir="C:\Users\Admin\Desktop\MRAP-Agent\hashlists\zaps6" --potfile-disable --quiet --restore-disable --session=hashtopussy --status --machine-readable --status-timer=5 --outfile-check-timer=5 --remove --remove-timer=5 --separator=: -s 0 -l 733976 STATUS 2 SPEED 324 1 324 1 327 1 323 1 EXEC_RUNTIME 3.408591 3.424890 3.392343 3.409846 CURKU 0 PROGRESS 5268024 16881448 RECHASH 2 24 RECSALT 2 23 TEMP 47 51 50 48 REJECTED 187151 {"action":"solve","token":"ceLJOah9YB","chunk":20,"keyspaceProgress":0,"progress":5268024,"total":16881448,"speed":1298,"state":2,"cracks":["$DCC2$10240#MASKED_USER1#4f75a84b2c3acb878e3ae2d9def60c61:pass@w0rd","$DCC2$10240#MASKED_USER2#837369cf2921ec6f3fb9bfc8b9eab3d9:Welcome3"]} {"action":"solve","response":"SUCCESS","cracked":0,"skipped":0,"zaps":[]} Progress: 31.21% | Speed:1.30MH/s | Cracks:2 | Accepted:0 | Zapped:0 | Queue:1 STATUS 2 SPEED 324 1 323 1 326 1 323 1 EXEC_RUNTIME 3.409713 3.429730 3.377310 3.405169 CURKU 0 PROGRESS 11800575 16881448 RECHASH 3 24 RECSALT 3 23 TEMP 47 51 51 49 REJECTED 187151 {"action":"solve","token":"ceLJOah9YB","chunk":20,"keyspaceProgress":0,"progress":11800575,"total":16881448,"speed":1296,"state":2,"cracks":["$DCC2$10240#MASKED_USER3#e098509e3489df1a73f1d2d997efc6f6:Happy123"]} {"action":"solve","response":"SUCCESS","cracked":0,"skipped":0,"zaps":[]} Progress: 69.90% | Speed:1.30MH/s | Cracks:1 | Accepted:0 | Zapped:0 | Queue:1 STATUS 4 SPEED 324 1 323 1 326 1 323 1 EXEC_RUNTIME 3.415380 3.426183 3.391273 3.421347 CURKU 0 PROGRESS 16881448 16881448 RECHASH 3 24 RECSALT 3 23 TEMP 47 50 47 48 REJECTED 187151 Attack finished {"action":"solve","token":"ceLJOah9YB","chunk":20,"keyspaceProgress":0,"progress":16881448,"total":16881448,"speed":1296,"state":4,"cracks":[]} {"action":"solve","response":"SUCCESS","cracked":0,"skipped":0,"zaps":[]} Progress:100.00% | Speed:1.30MH/s | Cracks:0 | Accepted:0 | Zapped:0 | Queue:1 Finished processing chunk Getting chunk... {"action":"chunk","token":"ceLJOah9YB","taskId":27} {"action":"chunk","response":"SUCCESS","status":"fully_dispatched"} Getting task

    bug to check on new version 
    opened by 64nickel 22
  • Client does not detect and pass small keyspaces to the server.

    Client does not detect and pass small keyspaces to the server.

    Current Server Version - 0.3.2 Current Client Version - 0.43.13 Task Command: -a0 #HL# word.txt Debug Output - Client Version 0.43.13 Checking for client updates {"action":"update","type":"csharp","version":"0.43.13"} {"action":"update","response":"SUCCESS","version":"OK"} You are using the latest client version System is Linux Existing token found {"action":"login","token":"M6IryWn7bM"} {"action":"login","response":"SUCCESS","timeout":"30"} Logged in to server {"action":"download","type":"hashcat","token":"M6IryWn7bM","force":0} Hashcat version found Getting task {"action":"task","token":"M6IryWn7bM"} {"action":"task","response":"SUCCESS","task":12,"attackcmd":"-a3 #HL# word.txt ?a?a?a?a?a?a?a?a ","cmdpars":" --hash-type=0","hashlist":8,"bench":30,"statustimer":5,"files":["word.txt"],"benchType":"speed","hashlistAlias":"#HL#"} Downloading hashlist for this task, please wait... {"action":"hashes","token":"M6IryWn7bM","hashlist":8} Getting chunk... {"action":"chunk","token":"M6IryWn7bM","taskId":12} {"action":"chunk","response":"SUCCESS","status":"keyspace_required"} Server has requested the client to measure the keyspace for this task Something went wrong with keyspace measuring

    Unhandled Exception: System.FormatException: Input string was not in a correct format. at System.Number.StringToNumber (System.String str, System.Globalization.NumberStyles options, System.Number+NumberBuffer& number, System.Globalization.NumberFormatInfo info, System.Boolean parseDecimal) [0x00057] in :0 at System.Number.ParseInt64 (System.String value, System.Globalization.NumberStyles options, System.Globalization.NumberFormatInfo numfmt) [0x00016] in :0 at System.Int64.Parse (System.String s, System.IFormatProvider provider) [0x00008] in :0 at System.Convert.ToInt64 (System.String value) [0x0000c] in :0 at hashtopussy.hashcatClass.parseKeyspace (System.String line, System.Int64& keySpace) [0x0000e] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 at hashtopussy.hashcatClass.runKeyspace (System.Int64& keySpace) [0x00139] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 at hashtopussy.taskClass.getChunk (System.Int32 inTask) [0x00325] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 at hashtopussy.taskClass.getTask () [0x002f1] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 at hashtopussy.Program.Main (System.String[] args) [0x001f9] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 [ERROR] FATAL UNHANDLED EXCEPTION: System.FormatException: Input string was not in a correct format. at System.Number.StringToNumber (System.String str, System.Globalization.NumberStyles options, System.Number+NumberBuffer& number, System.Globalization.NumberFormatInfo info, System.Boolean parseDecimal) [0x00057] in :0 at System.Number.ParseInt64 (System.String value, System.Globalization.NumberStyles options, System.Globalization.NumberFormatInfo numfmt) [0x00016] in :0 at System.Int64.Parse (System.String s, System.IFormatProvider provider) [0x00008] in :0 at System.Convert.ToInt64 (System.String value) [0x0000c] in :0 at hashtopussy.hashcatClass.parseKeyspace (System.String line, System.Int64& keySpace) [0x0000e] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 at hashtopussy.hashcatClass.runKeyspace (System.Int64& keySpace) [0x00139] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 at hashtopussy.taskClass.getChunk (System.Int32 inTask) [0x00325] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 at hashtopussy.taskClass.getTask () [0x002f1] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 at hashtopussy.Program.Main (System.String[] args) [0x001f9] in <7a7f1fcab7204586a6876fb631c6c5e2>:0

    Problem Description: I am totally new to hash cracking so this could be a very simple fix. I have upload word.txt which contains "password" to the files portion of the site. I have also uploaded hash.txt containing the hash for "password" to the hashlists(this is using MD5). I then created a new task with this hashlist and word.txt. When I run mono ./hashtopussy.exe, it is giving me the above error. I am running ubuntu server for server and ubuntu for client if that helps. Thanks in advance for help with the noob question.

    bug to check on new version 
    opened by helloworldwh 22
  • Crunch was aborted

    Crunch was aborted

    hello,

    whtas this error? Chunk was aborted! Writing any cracks in queue to file C:\NVIDIA\hashlists\1.cracked Nenhum processo associado a este objeto. Error processing packet for upload ERROR Chunk was aborted! Writing any cracks in queue to file C:\NVIDIA\hashlists\1.cracked Nenhum processo associado a este objeto. Error processing packet for upload ERROR Chunk was aborted! Writing any cracks in queue to file C:\NVIDIA\hashlists\1.cracked Nenhum processo associado a este objeto. Error processing packet for upload ERROR Chunk was aborted! Writing any cracks in queue to file C:\NVIDIA\hashlists\1.cracked Nenhum processo associado a este objeto. Error processing packet for upload

    1 agent only agentproblem.pdf taskdetails.pdf

    bug 
    opened by pccheck 21
  • Reduce apache2 memory usage

    Reduce apache2 memory usage

    OS: Cloud Ubuntu 20, 2GB RAM, 2GB swap Server: Hashtopolis: 0.12.0 Client: s3-python-0.6.0 Hashcat: 5.1

    My server started to experience significant performance issues. I see that apache workers are using 800-1200M or RAM. At some point the OS starts to kill new workers (oom kill) and the system becomes unstable

    I'd like to investigate which sql query exactly may cause high memory usage. Could someone please suggest steps to troubleshoot so I can collect for info for this issue?

    Thanks

    opened by tosiara 20
  • Waiting for unfinished HTTP connections

    Waiting for unfinished HTTP connections

    I have a setup with about 20 computers and most, not all computers have had this issue. Some take longer than others though, the agents will finish their first chunk of activity and then drop the connection. I've had some agents run through 2 chunks and then drop the connection. They are the same deployed image using the same driver for AMD. They were on a domain and some were removed for troubleshooting with the same results.

    I've used Hashcat 3.10 and 3.30 and the same thing has happened, domain, no domain, IPV4, or IPV6. Any thoughts?? OS is Windows 10 Enterprise capture

    opened by rgw810 20
  • Cracked WPA hashes (22000) skipped

    Cracked WPA hashes (22000) skipped

    • Your current Server version located at the bottom of any Hashtopolis webpage. Hashtopolis: 0.12.0+repository
    • Current Client version Agent: s3-python-0.6.0
    • Your current Hashcat version 6.1.1 6.0.0
    • The exact task command you are trying to run. -a 3 #HL# soadfuck?d?d?d?d
    • Debug output from the client by running "hashtopolis.exe -d" or with debug flag set on the python client.
    [2020-11-22 21:36:20,191] [DEBUG] Sending 2 cracks...
    [2020-11-22 21:36:20,191] [DEBUG] {'action': 'sendProgress', 'token': 'UL7N1M5aDg', 'chunkId': 2, 'keyspaceProgress': 8192, 'relativeProgress': 10000, 'speed': 13354, 'state': 5, 'cracks': [['c84e92a2b1eeb1d0ec021df40dd32f3f:e4f4c63b9f18:fc539eb7637e:palmer', 'soadfuck1204', '736f61646675636b31323034', '9100'], ['e9d8e3bef190e1467c874b44fcb26551:e4f4c63b9f18:fc539eb7637e:palmer', 'soadfuck1204', '736f61646675636b31323034', '9100']], 'gpuTemp': [59], 'gpuUtil': [-1]}
    [2020-11-22 21:36:20,342] [DEBUG] http://192.168.1.138:80 "POST /api/server.php HTTP/1.1" 200 80
    [2020-11-22 21:36:20,343] [DEBUG] b'{"action":"sendProgress","response":"SUCCESS","cracked":0,"skipped":2,"zaps":[]}'
    [2020-11-22 21:36:20,343] [INFO ] Progress:100.00% Speed:  13.35kH/s Cracks: 2 Accepted: 0 Skips: 2 Zaps: 0
    [2020-11-22 21:36:21,344] [INFO ] finished chunk
    

    Describe your problem in as much detail as possible " It's broke " is not a description.

    The problem is the same as there https://github.com/s3inlc/hashtopolis/issues/618 but with hashtype 22000. After hcxdumptool->hcxpcapngtool I got WPA hashes in 22000 format. Client successfully cracks them with the following debug output. But hashtopolis skips it. If I use 2500 or 16800 hashtypes with the same hashes than everything works great. The output file:

    c84e92a2b1eeb1d0ec021df40dd32f3f:e4f4c63b9f18:fc539eb7637e:palmer	soadfuck1204	736f61646675636b31323034	9100
    e9d8e3bef190e1467c874b44fcb26551:e4f4c63b9f18:fc539eb7637e:palmer	soadfuck1204	736f61646675636b31323034	9100
    
    bug hashcat 
    opened by TevPalver 19
  • Feature request: Disable/Enable all agents button

    Feature request: Disable/Enable all agents button

    Before upgrade I would like to be able to disable all agents. Secondly when all agents are disabled ,for example when an invalid task is created, I would like to be able to enable them all without the selecting them all individually.

    opened by rickvanderzwet 0
  • Feature request: priorization based on agent ownership

    Feature request: priorization based on agent ownership

    An advanced scheduling scenario.

    Preface Assume multiple agents running on hardware belonging to different persons (or groups) running an hashtopolis instance together, because the groups would like to share idle resources if available.

    Feature Request An agent can only do work for other groups if tasks submitted by the 'owner' of the agent are marked completed. An agent should also 'postpone' running tasks for other groups if an task is submitted by the 'owner'.

    opened by rickvanderzwet 0
  • Feature request: Load balanced scheduling of jobs

    Feature request: Load balanced scheduling of jobs

    Imagine a hashtopolis environment with systems of multiple configurations. 3 agents of typeA (1 GPU) and 2 agents of typeB (4 GPUs').

    When issuing a 'small task' or a 'maxAgent' task it highly depends on the agent which is going to take it if the job is suited for the agent. It would be nicer if some kind of 'weight' could be assigned instead. Allowing one to tell what kind of resources are needed and thus if it should be considered a 'small' task.

    opened by rickvanderzwet 0
  • Hashes over 65535 in length triggers database error

    Hashes over 65535 in length triggers database error

    The ./hashcat/tools/luks2hashcat.py tooling (can) produce hashes which are over 65535 in length. Which are to be used together with LUKS hash algoritm 29521 (new in hashcat 6.2.6). When trying to insert into this into hashtopolis it triggers an database error:

    PHP Fatal error:  Uncaught PDOException: 
    SQLSTATE[42000]: Syntax error or access violation: 1074 Column length too big for column 'hash' (max = 65535); use BLOB or TEXT instead in /var/www/hashtopolis/inc/Util.class.php:1301\nStack trace:\n#0
    /var/www/hashtopolis/inc/Util.class.php(1301): PDO->query('ALTER TABLE
    Has...')\n#1 /var/www/hashtopolis/inc/utils/ConfigUtils.class.php(88): 
    Util::setMaxHashLength(264000)\n#2
    /var/www/hashtopolis/inc/handlers/ConfigHandler.class.php(13): 
    ConfigUtils::updateConfig(Array)\n#3
    /var/www/hashtopolis/config.php(22): 
    ConfigHandler->handle('updateConfig')\n#4 {main}\n  thrown in
    /var/www/hashtopolis/inc/Util.class.php on line 1301
    

    Unable to insert long hashes has been reported a while ago in #184 and #324 how-ever both tickets are closed, allowing me to make a fresh one, since IMHO the issue still persist.

    One suggestion would be to use a different way of storing large hashes in the database e.g.:

    diff --git a/src/install/hashtopolis.sql b/src/install/hashtopolis.sql
    index 1b357b35..c3faff58 100644
    --- a/src/install/hashtopolis.sql
    +++ b/src/install/hashtopolis.sql
    @@ -237,7 +237,7 @@ CREATE TABLE `FileDelete` (
     CREATE TABLE `Hash` (
       `hashId`      INT(11)      NOT NULL,
       `hashlistId`  INT(11)      NOT NULL,
    -  `hash`        TEXT         NOT NULL,
    +  `hash`        MEDIUMTEXT   NOT NULL,
       `salt`        VARCHAR(256) DEFAULT NULL,
       `plaintext`   VARCHAR(256) DEFAULT NULL,
       `timeCracked` BIGINT       DEFAULT NULL,
    

    How-ever I am not sure whether this has unwanted side-effects.

    opened by rickvanderzwet 0
  • Don't count every time keyspace

    Don't count every time keyspace

    Using a dictionary of 400 gigabytes (for example, weakpass) the calculation of the keyspace takes from an hour or more for each task with the same dictionary and command, is it possible to remember the size of the keyspace? Now the only thing that comes to mind is to make a trigger in mysql.

    opened by Oooooooooooooooooooooooooooops 0
  • Deleted finished

    Deleted finished

    Hashtopolis: 0.13.0 commit d8a5eb7 branch master If the hash was found in already cracked hashes, then the delete finished button does not delete this supertask

    opened by Oooooooooooooooooooooooooooops 0
Releases(v0.13.0)
  • v0.13.0(Nov 28, 2022)

    Features

    • Added monitoring of CPU utilization of agents.
    • Cracked hashes for all hashlists can be shown together (caution: only use when having smaller hashlists).
    • Allow abort all chunks of a specific access group from the User API.
    • Tasks can be set to top priority (to be first in the list) by the User API.
    • Supertask runtime can be estimated on the supertask detail page by entering expected attack speeds for hashcat wordlist and bruteforce attacks.
    • Number of agents per task can be limited (pull request #764).
    • Hashlists can be archived.
    • Added hashtype dropdown autocompletion for creating new hashlists (pull request #781).
    • Allow agents to register as CPU agents only (feature request #805).

    Bugfixes

    • Fixed search hash function.
    • Fixed possible path traversal vulnerability on filename check.
    • Fixed pre-crack import of lists with >1000 lines.
    • Fixed availability of cracked hashes link on restrained permissions.
    • Fixed access controls for owners of agents.
    • Fixed improper updating of superhashlist counts on deletion of hashlists.
    • Fixed missing .map files for javascript dependencies.
    • Fixed users being able to access tasks with hashlists they would not be allowed to view.
    • Fixed users being able to access hashlists they are not allowed to see.
    • Adjusted handling to be able to deal with changed mode 22000 output.
    • Fixed pagination of hashes on cracks page.
    • Time of Zaps inserted is now saved.
    • Fixed unable to unassign agent from the task detail screen.
    • Fixed speed graph incorrect when status timer is different from servers default.
    • Fixed sending two to headers when sending emails (issue #751).
    • Fixed access group not being changed on Hashlist detailed screen (issue #765).
    • Fixed missing check on permissions for sending notifications (issue #757).
    • Fixed unassignable agents are shown as assignable (issue #777).
    • Fixed not deleting all references (related to zaps) when deleting hashlist (issue #747).
    • Added check for max length of the attack command (issue #668).
    • Fixed missing flag isArchived on User API getTask requests (issue #794).

    Enhancements

    • Cracker version and name are shown on task details.
    • Task notes and cracker version are copied.
    • Agent activity is also shown on the agent status page.
    • Chunks for a task can be all view, instead of only the last 100.
    • Allow changing the status interval for created tasks.
    • Permissions for managing access groups is separate from the permission to manage users.
    • The agent status page shows more detailed information on temperature and usage.
    • JQuery updated to v3.6.0.
    • Print database connection error in UI theme.
    • Agent detail page now has a hide/show button for the config parameters.
    • Agents overview page and agent detail page now show counter for repeating devices.
    • Increase size of database column for storing agentstats.
    Source code(tar.gz)
    Source code(zip)
  • v0.12.0(Feb 18, 2020)

    Features

    • Generic preprocessor integration to allow inclusion of any preprocessor supporting chunking.
    • Dark mode added.

    Bugfixes

    • Fixed increasing the superhashlist cracked count if there are cracks running one of the hashlists alone.
    • Fixed hidden superhashlists on task creation page due to filtering.
    • Fixed reporting result of health check which resulted in endless loop depending on the used IDs.
    • Fixed reporting outdated speed on tasks page when agent is put inactive directly.
    • Fixed recalculation of benchmark when changing chunk time.
    • Fixed discord notification to work again.
    • Fixed missing index structure on speed measurements table.

    Enhancements

    • Agents can be assigned to tasks via user API.
    • Server can be configured to provide 'isComplete' flag on the user API when requesting all tasks.
    • Certain agent errors can be whitelisted to be completely ignored (for such who don't affect the running).
    • Hashlists can be moved to other Access Groups after creation.
    • Health checks can now be deleted.
    • API keys can get masked if admin is not assigned to them.
    • Agent data for temperature and util are split into separate graphs and have more different colors.
    • Files can now be selected for either the cracker task or the preprocessor and are filled in the corresponding field.
    • Included new Hashcat modes included in newest beta.
    • Adjusted to new format of Hashcat printing cracked WPA hashes.
    • Adjusted to PMKID handling of Hashcat.
    Source code(tar.gz)
    Source code(zip)
  • v0.11.0(Jun 25, 2019)

    Bugfixes

    • Fixed wrong task speed summation for task overview page.
    • Fixed error on hashlist hash retrieval.
    • Fixed XSS on hashes view page when printing a hashlist.
    • Fixed missing check for blacklisted characters when editing task.
    • Fixed issue with creating a preconfigured task from the API.
    • Fixed wrong rendering of forms when showing supertasks on hashlist pages.
    • Fixed wrong reporting of speed on tasks overview due to cached speeds.
    • Fixed wrong search value of tasks list on hashlist details page.
    • Fixed missing update of cracked count for superhashlists.
    • Fixed listing of hashlists and hashes of lists which should not be accessible by user.

    Enhancements

    • Temperature and util thresholds for agent status page can be configured.
    • User API can provide all cracks for a given task.
    • User API provides information if task is complete or not.
    • User API can provide all cracks for a given hashlist.
    • Support for new Hashcat versions without 32/64-bit naming.
    Source code(tar.gz)
    Source code(zip)
  • v0.10.1(Nov 21, 2018)

    Bugfixes

    • Fixed createHashlist API call with wrong brain parameter conversion.
    • Fixed createUser API call with wrong amount of parameters.
    • Fixed applying supertasks directly from hashlist view.
    • Fixed wrong saving of build number if it didn't exist.

    Updating

    Please read the notes regarding updating for newer Hashtopolis version on the 0.10.0 release: https://hashtopolis.org/thread-41.html

    Source code(tar.gz)
    Source code(zip)
    0.10.1.zip(7.33 MB)
    0.10.1.zip.sha256(64 bytes)
  • v0.10.0(Nov 16, 2018)

    Features

    • Integration of Hashcat Brain feature.
    • Speed data is kept and can be shown in graphs for tasks.
    • Agents can automatically de-register if allowed on the server.
    • Agent updates can now automatically be retrieved, based on selected update track.
    • Update scripts in the future can be handled differently. Applying updates is easier as there is a build number.

    Bugfixes

    • Fixed wrong percentage in case of big tasks where percentage was close to 0.
    • Rule splitting can only happen if at least two subparts get created afterwards.
    • Fixed filesize calculation for temporary files after rule splitting.

    Enhancements

    • In case of client errors the corresponding chunk now also is saved if available.
    • Make more clear naming on rule splitting tasks, rules have an empty line at the end to increase readability.

    Additional information about the release can be found in This Post

    Source code(tar.gz)
    Source code(zip)
    v0.10.0.zip(7.33 MB)
  • v0.9.0(Nov 5, 2018)

    Features

    • The server saves the crackpos for hash founds given by hashcat.
    • Trimming of chunks can be disabled so a chunk is always run fully again (or splitted if it is too large).
    • Supertasks can now can be created by specifying a base command and iterate over a selection of files to be placed in the command.
    • Notes can be added to hashlists.
    • Added optional trace logging of actions from the client API to get more information in case of failures.
    • Slow hashes are marked, so the client can decide if piping could make sense for this hash type.
    • Agents can run health checks to determine if all agents are running correctly.

    Bugfixes

    • Fixed GPU data graph when having multiple agents.
    • Fixed assignment issue with subtasks of supertasks if they were in the same supertask.
    • Fixed that cracker types cannot be deleted when there are supertasks using this type.

    Enhancements

    • Telegram notifications can now completely be configured via server config and also can be used through proxies.
    • Peppers of Encryption.class.php and CSRF.class.php were moved out of the files to make updating easier.
    • When importing supertasks it can be selected if they should use the optimized flag and which benchmark type should be used.
    • Subtasks are only loaded when being viewed to speed up loading of the tasks page.
    • Changed type of the hash column to TEXT to make sure to handle all the long hashes. It should not affect speed as long as there is not a multi-million hashlist.
    • Preconfigured task attack commands can be edited after creation.
    • If needed it can be set that the server should also distribute tasks with priority 0.

    Additional information about the release can be found in This Post.

    Source code(tar.gz)
    Source code(zip)
  • v0.8.0(Aug 30, 2018)

    Features

    • The server can store sent debug output from Hashcat sent by the agent.
    • Files now also are associated to an Access Group to control the visibility of files.
    • Agent data about device temperature and util is collected and can be viewed on the server.
    • Notes can be added to tasks
    • Static chunking (if for some reasone a fixed number of chunks or static chunk size should be used for a task)
    • The server can provide a list of deleted filenames to the agent when he asks for.
    • Tasks can now be copied to preconfigured tasks and preconfigured tasks can also be copied to preconfigured tasks.
    • A test framework was added to run automated tests on Travis.
    • To make sure rules are applied before rejecting, piping can be enforced.
    • Added Notification type for Slack.

    Enhancements

    • Task attack commands can be changed after creation, e.g. to fix typos
    • Switch between tasks and archived ones is easier
    • Archived tasks can be deleted at once
    • Task priority can now be set directly in the task creation form.

    Bugfixes

    • New task creation page now also shows the other file type.
    • New file creation with the user API now takes the right file type.
    • Vouchers are tested for uniqueness on creation to avoid duplicated ones.
    • Disabling rule splitting when having a prince task.
    • Fixed non-working secret checkbox for hashlists.
    Source code(tar.gz)
    Source code(zip)
  • v0.7.1(Aug 17, 2018)

    Bugfixes

    • Fixed permission check for file downloads with URLs from the user API
    • Fixed issue with creating supertasks from preconfigured task list
    • Fixed creation of tasks from preconfigured tasks out of the hashlist view
    • Fixed mask import
    • Fixed hiding of mask imports in preconfigured task list on hashlist page
    Source code(tar.gz)
    Source code(zip)
  • v0.7.0(Aug 8, 2018)

    Features

    • Tasks which are recognized containing large rule files and not giving good benchmarks result in splitting into subtasks
    • Most of the tables can now be easily ordered and searched with the datatables plugin
    • Agent Errors can be handled better
    • New User API allowing access to all functions without the webinterface via simple JSON commands.
    • Added new filetype (Other) for all non rules/wordlist files like hashcat charsets etc.
    • File types can be edited of existing files.
    • Tasks can now be archived instead of being deleted.

    Enhancements

    • Width of the container is increased to have more space on large screens.
    • Standard buttons have now icons instead of text to use less space.
    • Hashcat is configured already as crack to make it easier for users to get started.

    Bugfixes

    • Using correct function to get superhashlistId on zapping from webinterface.
    • Zapping from the website will now also issue zaps for non-salted hashlists.
    • Fixed zapping querying on progress sending from agent to also match for agent null values.
    Source code(tar.gz)
    Source code(zip)
  • v0.6.0(Jul 11, 2018)

    Features

    • Added autofocus for login field
    • Added fine grained permission management
    • Updated Bootstrap and jQuery to newest versions
    • Added Icons instead of images

    Bugfixes

    • Export of founds of binary hashlists fixed
    • DB Connection check during installation is now tested correctly
    Source code(tar.gz)
    Source code(zip)
  • v0.5.1(Mar 27, 2018)

    Bugfixes

    • Fixed missing file assignments when applying preconfigured tasks from hashlists view (issue #354)
    • Fixed cracker binary relation error when applying supertasks from hashlist view
    • Fixed XSS vulnerability with the login forward variable
    • Session cookies have the httpOnly flag set
    • Fixed file upload which allowed upload of file:// data and reading it
    • Fixed renaming of files which allowed renaming them to other directories and execute them
    • Fixed renaming/uploading of files which allowed to override hidden files (e.g. .htaccess file)
    Source code(tar.gz)
    Source code(zip)
  • v0.5.0(Mar 22, 2018)

    Large Update

    • Complete task management backend rewritten
    • Improved performance when handling cracked hashes
    • Added Groups for more detailed access control
    • Including new python client
    • Compatibility with generic crackers
    • More configuration options added
    • Cracker version management changed

    New Features

    • Tasks now have a cracks per minute performance based on total spent time

    Bugfixes

    • Fixed dependency problem on user deletion
    • Fixed issue when agents got deleted which had completed at least one chunk
    • Fixed conflicts on $_POST data agent vs. agentId
    • Fixed ETA and spent time for tasks
    • Error message which was always shown when adding new hash types fixed
    Source code(tar.gz)
    Source code(zip)
  • 0.5.0-rc1(Mar 2, 2018)

    Large Update

    • Complete task management backend rewritten
    • Improved performance when handling cracked hashes
    • Added Groups for more detailed access control
    • Including new python client
    • Compatibility with generic crackers
    • More configuration options added
    • Cracker version management changed

    Bugfixes

    • Error message which was always shown when adding new hash types fixed

    Please note

    Due to a current change of Hashcat 4.1.0 in relative paths on windows, Hashcat 4.1.0 on windows can currently NOT be used with Hashtopolis. Lower versions and other operating systems should run without problems.

    Source code(tar.gz)
    Source code(zip)
  • v0.4.3(Oct 21, 2017)

    New Features

    • Added telegram bot notification
    • Supertasks can now also be applied when viewing hashlist details (similar to preconfigured tasks)

    Bugfixes

    • Notification display fixed
    • Updated problem where agents were looping when tasks go over 100%

    Technical

    • Fixed warnings during found import
    • Fixed edge case where it could happen that agents started to loop after a task when no new task was available
    • Pre-crack import warns when too long plaintexts are in the import file
    • Implemented missing ownAgentError notification execution
    Source code(tar.gz)
    Source code(zip)
  • v0.4.2(Jul 31, 2017)

    New Features

    • Supertask imports can now be set to be small tasks for every subtask

    Bugfixes

    • Fixed broken agent download

    Technical

    • Typos in constants fixed
    • Tasks can also be deleted from the detailed view
    • Fixed update to 0.4.0 when adding taskType column
    • Supertasks are getting default priority from the subtasks
    • Fixed DBA issue with handling invalid input
    • Fixed additional vulnerabilities reported
    Source code(tar.gz)
    Source code(zip)
  • v0.4.1(Jul 27, 2017)

  • v0.4.0(Jul 22, 2017)

    New Features

    • Renewed status page, gives now JSON formatted information which can be parsed however the user wants to.
    • added search page to search for hashes and plains
    • '-r' is now automatically prepended when selecting rule files on task creation
    • added help page with some helpful links
    • Left hashlists can be downloaded now
    • Added Yubikey OTP login
    • Supertasks added
    • HCmask style can be imported

    Technical

    • DB connection details now are stored in a file which is not in repository (a template is provided instead). This avoids conflicts on updates in inc/load.php
    • Hash length is increased to 1024 (old 512)
    • Added special case when handling pre-crack import of WPA as they are not matched via the hash but the ESSID instead.
    • Added new hashtypes from Hashcat
    • Server hostname can be overridden in config

    Client

    • Client updated to version 0.43.19
    • Fixed debug not showing hashcat parameters on calls
    • Improve error handling on keyspace measuring, client will now signal the server to pause agent instead of crash
    • Added more information for task assigning, client will now display task and hashlist on task get
    • Fixed slow file downloading issue
    • Changed the way hashcat version is queried (should work properly on linux/mac)
    Source code(tar.gz)
    Source code(zip)
  • v0.3.2(Apr 24, 2017)

    Client

    • Client updated to version 0.43.13

    Client updates:

    • Added support for rejected variable from hashcat 3.5.0 (backwards compatible)
    • Adjust TLS and SSL3 flags for better compatibility on strict enforcement
    • Added hashcat update checks between chunks (no client restarts needed)
    • Prettify the status outputs and display more information between tasks
    • Fixed a crash/loop when multiple cracks in WPA
    • Adjusted the way hashcat binary is queried for the version
    • Increased json processing limit to 2GB streams

    Bugfixes

    • fixed not sending notifications when using pre-task creation from hashlist details view
    • 'Delete Finished' button now deletes also tasks of hashlists which are completely cracked
    • on user deletion depending sessions now also get deleted
    • fixed problems on task assignment where priorities were compared wrong
    • clear all doesn't fail anymore when task list is empty
    • fixed problem that on small tasks multiple agents got assigned and assignments were deleted immediately
    • fixed issue that some agents suddenly got a very large chunk

    Features

    • Added possibility to change isCpuOnly and isSmall on tasks after creation

    Technical

    • removed old installation code which was used to upgrade Hashtopus to Hashtopussy 0.1.0
    • reduced size of task progress image
    Source code(tar.gz)
    Source code(zip)
  • v0.3.1(Mar 19, 2017)

    Update for version 0.3.0 containing some bugfixes and improvements.

    Client updates (0.43.7):

    • Fixed bug with zapping (incorrect zap path)
    • Aligned % to 2 decimal places
    • Aligned speed to 2 decimal places
    • Display message when no new task and getting chunk
    • Added consume for stop signal from server (when HL is fully cracked)
    • Workaround to force progress to be 100 when STATUS4 from hashcat (possible race condition in hashcat may not guarantee this via the readout)
    Source code(tar.gz)
    Source code(zip)
  • v0.3.0(Mar 15, 2017)

    Included:

    • tasks can skip a given keyspace at the beginning
    • chunk activity is now paged for large number of chunks
    • added notifications
    • completed working zap feature
    • various bug fixes
    Source code(tar.gz)
    Source code(zip)
  • v0.2.0-rc1(Mar 6, 2017)

    Containing all new features which will be contained in v0.2.0:

    • changeable MySQL port
    • renaming of files
    • WPA and other binary hashes working
    • various bugfixes
    Source code(tar.gz)
    Source code(zip)
  • v0.2.0-beta(Mar 2, 2017)

Run multiple websites using the same Laravel installation while keeping tenant specific data separated for fully independent multi-domain setups, previously github.com/hyn/multi-tenant

The unobtrusive Laravel package that makes your app multi tenant. Serving multiple websites, each with one or more hostnames from the same codebase. B

Tenancy 2.4k Jan 3, 2023
Nachricht is an message dispatcher which focuses on distributing workloads

Nachricht Nachricht is a message dispatcher which focuses on distributing workloads. Features Directly dispatch messages Dispatch messages via AMQP au

JTL Software 1 Jan 18, 2022
Run multiple websites using the same Laravel installation while keeping tenant specific data separated for fully independent multi-domain setups.

Tenancy for Laravel Enabling awesome Software as a Service with the Laravel framework. This is the successor of hyn/multi-tenant. Feel free to show su

Tenancy 1.1k Dec 30, 2022
Easy alignment of multiple selections and multi-line selections

Sublime Alignment A simple key-binding for aligning multi-line and multiple selections in Sublime Text 2. Please see http://wbond.net/sublime_packages

Will Bond 516 Dec 28, 2022
Run multiple websites using the same Laravel installation while keeping tenant specific data separated for fully independent multi-domain setups, previously

Run multiple websites using the same Laravel installation while keeping tenant specific data separated for fully independent multi-domain setups, previously

Tenancy 2.4k Jan 3, 2023
A Laravel package that allows you to use multiple ".env" files in a precedent manner. Use ".env" files per domain (multi-tentant)!

Laravel Multi ENVs Use multiple .envs files and have a chain of precedence for the environment variables in these different .envs files. Use the .env

Allyson Silva 48 Dec 29, 2022
This is a plugin written in the PHP programming language and running on the PocketMine platform that works stably on the API 3.25.0 platform. It helps to liven up your server with Tags!

General This is a plugin written in the PHP programming language and running on the PocketMine platform that works stably on the API 3.25.0 platform.

Thành Nhân 4 Oct 21, 2021
Invoices, Expenses and Tasks built with Laravel and Flutter

Invoice Ninja Hosted | Self-Hosted We're on Slack, join us at slack.invoiceninja.com or if you like StackOverflow Just make sure to add the invoice-ni

Invoice Ninja 6.8k Dec 26, 2022
Foreman is a Laravel scaffolding application that automates common tasks you typically perform with each new Laravel app you create

Foreman is a Laravel scaffolding application that automates common tasks you typically perform with each new Laravel app you create. The directives you want Forman to perform are outlined in a JSON based template file.

Indatus 145 Apr 13, 2022
A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks.

SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an

Pádraic Brady 131 Oct 30, 2022
This is a laravel 4 package for the server and client side of datatables at http://datatables.net/

Datatable Important This package will not receive any new updates! You can still use this package, but be preparared that there is no active developme

Nils Plaschke 388 Dec 30, 2022
Automatic multi-tenancy for Laravel. No code changes needed.

Tenancy for Laravel — stancl/tenancy Automatic multi-tenancy for your Laravel app. You won't have to change a thing in your application's code. ✔️ No

Samuel Štancl 2.7k Jan 3, 2023
Tiny hands is a Laravel multi-tenant boilerplate with SPA and i18n.

About Tiny Hands Tiny hands is a Laravel multi-tenant boilerplate with SPA and i18n using the following technology stack: Backend Laravel 8.0 API with

Bertrand Kintanar 12 Jun 23, 2022
🧙‍♀️ Arcanist takes the pain out of building multi-step form wizards in Laravel.

Installation Arcanist requires PHP 8 and Laravel 8. composer require laravel-arcanist/arcanist Documentation You can find the full documentation here

Arcanist 378 Jan 3, 2023
Multi theme support for Laravel application

Multi theme support for Laravel application This Laravel package adds multi-theme support to your application. It also provides a simple authenticatio

QiroLab 287 Dec 29, 2022
A Laravel extension for using a laravel application on a multi domain setting

Laravel Multi Domain An extension for using Laravel in a multi domain setting Description This package allows a single Laravel installation to work wi

null 658 Jan 6, 2023
Laravel-Mix helper for projects with complex & multi assets.

Laravel-Mix helper for projects with complex & multi assets. ?? Getting started Since mix introduced in laravel 5.4 it is recommended to use this pack

Fandogh 27 Oct 4, 2022
Support multi theme for Laravel application

Very short description of the package This is where your description should go. Try and limit it to a paragraph or two, and maybe throw in a mention o

Ephraïm SEDDOR 1 Dec 1, 2021
Rinvex Tenantable is a contextually intelligent polymorphic Laravel package, for single db multi-tenancy.

Rinvex Tenants is a contextually intelligent polymorphic Laravel package, for single db multi-tenancy. You can completely isolate tenants data with ease using the same database, with full power and control over what data to be centrally shared, and what to be tenant related and therefore isolated from others.

Rinvex 80 Oct 21, 2022