- Remove 6 duplicate per-version pytest workflows (matrix build covers all)
- Pin GitHub Actions to SHA hashes with version comments
- Add persist-credentials: false to checkout steps
- Replace mypy with ty for type checking (faster, stricter)
- Pin dev deps to exact versions (ty==0.0.17, ruff==0.15.1, pytest==9.0.2, pytest-cov==7.0.0)
- Remove types-* stub packages (ty doesn't need them)
- Remove stale [dependency-groups] section from pyproject.toml
- Update shell scripts to use set -euo pipefail
- Add prek.toml for git hook management (pre-push, post-commit)
- Add lint-infra.yml workflow (shellcheck + actionlint)
- Fix actionlint warning: pass github.head_ref through env var
- Track CLAUDE.md and .claude/ scripts in git
- Update README.md and Makefile references from mypy to ty
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The PassGPT training device menu now uses _detect_device() to default
to the best available device (CUDA > MPS > CPU) rather than always
defaulting to CUDA, which fails on systems without NVIDIA GPUs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The env var was only set in the subprocess scripts (passgpt_generate.py,
passgpt_train.py) but not in main.py, where torch/transformers are imported
at module level. This ensures telemetry is disabled before any HF-related
imports and is inherited by spawned subprocesses.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
PassGPT generate/train scripts now accept --debug to log HuggingFace HTTP
requests. Version-bump workflow creates a GitHub Release (not just a tag)
so check_for_updates can find /releases/latest. Bump logic now uses minor
for feat/ branches and patch for everything else.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Enable urllib3 debug logging when --debug is active so all requests
made via the requests library are visible on stderr.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Show estimated training times for CUDA/MPS/CPU before starting a
training run. Add device selection prompt with cuda as the default.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Training previously loaded entire wordlists into RAM and tokenized all at
once, causing OOM on large files like rockyou.txt. This adds memory
estimation, lazy dataset loading, and training optimizations.
- Add _get_available_memory_mb() for cross-platform RAM detection
- Add _estimate_training_memory_mb() to predict peak usage before loading
- Replace bulk tokenization with LazyPasswordDataset (file offset index + on-the-fly tokenization)
- Add --max-lines flag to limit training to first N lines
- Add --memory-limit flag to auto-tune --max-lines based on available RAM
- Enable gradient checkpointing and gradient accumulation (steps=4)
- Enable fp16 on CUDA devices
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add ability to fine-tune PassGPT models on custom password wordlists.
Models save locally to ~/.hate_crack/passgpt/ with no data uploaded to
HuggingFace (push_to_hub=False, HF_HUB_DISABLE_TELEMETRY=1). The
PassGPT menu now shows available models (default + local fine-tuned)
and a training option. Adds datasets to [ml] deps and passgptTrainingList
config key.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add optional startup version check against GitHub releases (check_for_updates config option)
- Add packaging dependency for version comparison
- Fix PassGPT OOM on MPS by capping batch size to 64 and setting memory watermark limits
- Fix PassGPT output having spaces between every character
- Hide PassGPT menu item (17) unless torch/transformers are installed
- Fix mypy errors in passgpt_generate.py with type: ignore comments
- Update README with version check docs, optional ML deps section, and PassGPT CLI options
- Add test_version_check.py with 8 tests covering update check behavior
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add PassGPT as attack mode 17, using a GPT-2 model trained on leaked
password datasets to generate candidate passwords. The generator pipes
candidates to hashcat via stdin, matching the existing OMEN pipe pattern.
- Add standalone generator module (python -m hate_crack.passgpt_generate)
- Add [ml] optional dependency group (torch, transformers)
- Add config keys: passgptModel, passgptMaxCandidates, passgptBatchSize
- Wire up menu entries in main.py, attacks.py, and hate_crack.py
- Auto-detect GPU (CUDA/MPS) with CPU fallback
- Add unit tests for pipe construction, handler, and ML deps check
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OMEN uses lowercase `makefile` which was missed by the capital-M check.
On case-sensitive filesystems (Linux) this meant OMEN wouldn't be built
during `make submodules`.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The handler was prompting for training source and max candidates even
when the OMEN binaries weren't built, leading to confusing error output.
Now checks for createNG and enumNG up front and returns with a build
instruction if either is missing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add OMEN (Ordered Markov ENumerator) as a probability-ordered password
candidate generator. Trains n-gram models on leaked passwords via
createNG, then pipes candidates from enumNG into hashcat.
Also fix a pre-existing bug where ensure_binary() used quit(1) instead
of sys.exit(1) - quit() closes stdin before raising SystemExit, which
caused "ValueError: I/O operation on closed file" when any optional
binary check failed and the program continued to use input().
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Reuses existing _count_computer_accounts() and _filter_computer_accounts()
to optionally strip computer accounts before NetNTLM deduplication.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add TestE2EPreprocessingFlow class that simulates the exact main()
preprocessing logic (format detection, filtering, NT/LM extraction)
with realistic secretsdump.py output. Covers: filter accept/decline,
no computers, all computers, LM hash detection, domain\computer$
format.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Catch PermissionError/OSError in file operations (not just FileNotFoundError)
- Refactor _dedup_netntlm_by_username to two-pass streaming (memory safe)
- Handle CRLF line endings in filter and dedup functions
- Add KeyboardInterrupt handling with temp file cleanup during preprocessing
- Track .filtered/.dedup temp files for cleanup on interruption
- Add CRLF line ending tests for both filter and dedup
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add TestWriteFieldSortedUnique (7 tests) and TestPwdumpFilterPipeline
(8 tests) covering the full filter -> extract NT/LM pipeline. Add
edge case tests for unicode, BOM, long lines, permissions, and
delimiter handling.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add type hints to _filter_computer_accounts and _dedup_netntlm_by_username
- Fix unclosed file handle when reading hash file for format detection
- Extract _count_computer_accounts helper to eliminate duplicate file reads
- Stream _filter_computer_accounts output instead of collecting in memory
- Only write .dedup file when duplicates actually exist
- Add tests for _count_computer_accounts, malformed lines, and no-file-on-zero-dupes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Detect and optionally filter Windows computer accounts (username
ending with $) from pwdump-format NTLM hash files (type 1000)
- Detect and optionally deduplicate NetNTLMv1/v2 hashes (types
5500/5600) by username, keeping first occurrence
- Add 10 tests covering both features
Fixes#27Fixes#28
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Tests use HATE_CRACK_SKIP_INIT=1 and don't need submodules.
Shallow submodule clones caused flaky CI failures on PR events.
Fixes#72
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Update ollamaModel from qwen2.5 to mistral and ollamaNumCtx from
8192 to 2048 to reflect recent config changes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
download_wordlist() now resolves relative filenames against
get_hcat_wordlists_dir() instead of saving to cwd. Also ensures
the parent directory exists before writing.
Fixes#70
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace the denylist-oriented prompt with a capture-the-flag scenario
prompt that focuses on recovering passwords using industry terms and
company name permutations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The test built its own mock context instead of using the shared
ollama_globals helper, missing the rulesDirectory and hcatPotfilePath
patches. This caused FileNotFoundError on CI where /path/to/hashcat/rules
doesn't exist.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add LLM Attack (option 15) to menu listing and attack descriptions,
document Ollama config keys, fix broken code block, update pre-push
hook example, add make update target, and correct CI Python versions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Mock rulesDirectory in ollama test fixture so hcatOllama doesn't
fail with FileNotFoundError on CI where /path/to/hashcat/rules
doesn't exist
- Mock potfile path in hashview auto-merge test so found file cleanup
isn't blocked by missing ~/.hashcat directory
- Update pre-push hook to match CI env vars (HATE_CRACK_SKIP_INIT=1)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Strip .postN.devN and .dYYYYMMDD suffixes from setuptools-scm version
in __init__.py so the banner displays a clean version like 2.0+g05b5d6dc7.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
