Commit Graph

52 Commits

Author SHA1 Message Date
Justin Bollinger 95ff888f51 docs: update README with OMEN fix and issues #80, #81, #82 2026-03-17 15:07:02 -04:00
Justin Bollinger d16999bdbd fix: replace uv tool install with bash shim for reliable config resolution
Config and assets were not found when running hate_crack from outside the
repo directory. The shim uses `uv run --directory` to always execute from
the repo root, and _candidate_roots() now includes _repo_root and
_package_path as fallback search locations.
2026-03-17 12:45:19 -04:00
Justin Bollinger 0dbe593660 docs: update README with recent bug fixes in version history 2026-03-16 14:33:43 -04:00
Justin Bollinger 6022ca0455 refactor: remove vendor-assets wheel build flow, use editable install
- Remove vendor-assets and clean-vendor Makefile targets
- Lima VM test and Dockerfile.test now use make install (editable)
- Remove hate_crack/hashcat-utils from submodules-pre expander generation
- Update README to reflect no-vendoring install
2026-03-16 11:50:32 -04:00
Justin Bollinger 8c5891ba42 docs: add troubleshooting for master-to-main branch rename error 2026-03-16 11:25:51 -04:00
Justin Bollinger eb3119747b chore: remove hashcat submodule
hashcat is now a system dependency (installed via apt/brew or PATH) rather
than a compiled submodule. The Lima VM provision script installs it via apt,
and local installs are expected to have hashcat available in PATH.

- Remove hashcat entry from .gitmodules
- Remove hashcat/ submodule checkout
- Remove hashcat submodule skip logic from Makefile submodules target
- Simplify submodules-pre hashcat check to PATH-only
- Update vendor-assets and clean targets to remove submodule references
- Update README: hashcat is now a required prerequisite, not optional
- Document Lima VM E2E prerequisites (lima, rsync) and list all packages
  provisioned automatically by the test VM
2026-03-06 15:51:10 -05:00
Justin Bollinger aa9d326e2d chore: remove GitHub Actions workflows
Quality checks run locally via prek pre-push hooks. CI workflows
(ruff, ty, pytest, lint-infra, version-bump) are no longer needed.
Updated docs to remove all GitHub Actions references.
2026-03-03 14:42:57 -05:00
Justin Bollinger 613c16e567 refactor: remove PassGPT attack (option 17)
Remove the ML-based PassGPT password generation feature entirely:
modules, config keys, [ml] optional dependency group, menu entries,
tests, and documentation.
2026-03-03 14:31:41 -05:00
Justin Bollinger 3b2778026c docs: rewrite TESTING.md and update README git hooks section 2026-03-02 17:41:56 -05:00
Justin Bollinger a4f50100d8 fix: add 'repository directory' to README hcatPath note
Satisfies test_readme_documents_correct_usage assertion.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 18:35:12 -05:00
Justin Bollinger de2b400f6d chore: align CI and tooling with global development standards
- Remove 6 duplicate per-version pytest workflows (matrix build covers all)
- Pin GitHub Actions to SHA hashes with version comments
- Add persist-credentials: false to checkout steps
- Replace mypy with ty for type checking (faster, stricter)
- Pin dev deps to exact versions (ty==0.0.17, ruff==0.15.1, pytest==9.0.2, pytest-cov==7.0.0)
- Remove types-* stub packages (ty doesn't need them)
- Remove stale [dependency-groups] section from pyproject.toml
- Update shell scripts to use set -euo pipefail
- Add prek.toml for git hook management (pre-push, post-commit)
- Add lint-infra.yml workflow (shellcheck + actionlint)
- Fix actionlint warning: pass github.head_ref through env var
- Track CLAUDE.md and .claude/ scripts in git
- Update README.md and Makefile references from mypy to ty

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 12:42:51 -05:00
Justin Bollinger 41b51818c1 feat: auto-bump patch version on PR merge to main
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 14:58:47 -05:00
Justin Bollinger 56aaa9b47d feat: add PassGPT model fine-tuning and training menu integration
Add ability to fine-tune PassGPT models on custom password wordlists.
Models save locally to ~/.hate_crack/passgpt/ with no data uploaded to
HuggingFace (push_to_hub=False, HF_HUB_DISABLE_TELEMETRY=1). The
PassGPT menu now shows available models (default + local fine-tuned)
and a training option. Adds datasets to [ml] deps and passgptTrainingList
config key.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 09:51:06 -05:00
Justin Bollinger 4a7f0724d9 feat: add startup version check, fix PassGPT MPS/output issues, hide menu without ML deps
- Add optional startup version check against GitHub releases (check_for_updates config option)
- Add packaging dependency for version comparison
- Fix PassGPT OOM on MPS by capping batch size to 64 and setting memory watermark limits
- Fix PassGPT output having spaces between every character
- Hide PassGPT menu item (17) unless torch/transformers are installed
- Fix mypy errors in passgpt_generate.py with type: ignore comments
- Update README with version check docs, optional ML deps section, and PassGPT CLI options
- Add test_version_check.py with 8 tests covering update check behavior

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 09:32:40 -05:00
Justin Bollinger 87535b9828 feat: add PassGPT attack (#17) - GPT-2 based ML password generator
Add PassGPT as attack mode 17, using a GPT-2 model trained on leaked
password datasets to generate candidate passwords. The generator pipes
candidates to hashcat via stdin, matching the existing OMEN pipe pattern.

- Add standalone generator module (python -m hate_crack.passgpt_generate)
- Add [ml] optional dependency group (torch, transformers)
- Add config keys: passgptModel, passgptMaxCandidates, passgptBatchSize
- Wire up menu entries in main.py, attacks.py, and hate_crack.py
- Auto-detect GPU (CUDA/MPS) with CPU fallback
- Add unit tests for pipe construction, handler, and ML deps check

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 08:41:22 -05:00
Justin Bollinger ae47d453c0 docs: add OMEN attack documentation to README
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 15:44:31 -05:00
Justin Bollinger ea4cb6c0fa docs: update README Ollama defaults to match config
Update ollamaModel from qwen2.5 to mistral and ollamaNumCtx from
8192 to 2048 to reflect recent config changes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 11:13:47 -05:00
Justin Bollinger b2eb19c130 feat: update LLM attack prompt to CTF-style framing
Replace the denylist-oriented prompt with a capture-the-flag scenario
prompt that focuses on recovering passwords using industry terms and
company name permutations.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 09:36:45 -05:00
Justin Bollinger a96868df71 docs: update README for LLM attack, Ollama config, and accuracy fixes
Add LLM Attack (option 15) to menu listing and attack descriptions,
document Ollama config keys, fix broken code block, update pre-push
hook example, add make update target, and correct CI Python versions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 22:20:19 -05:00
Justin Bollinger 55b7f0fc62 fix: separate hcatPath (hashcat dir) from hate_path (asset dir)
hcatPath now exclusively points to the hashcat install directory and is
auto-discovered from PATH when not configured. hate_path is resolved
from the package directory (installed) or repo root (development) with
no auto-discovery. Extracted vendor-assets/clean-vendor Makefile targets
to deduplicate the install logic.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-12 20:23:12 -05:00
Justin Bollinger 03ae077512 docs: update README with current attacks and features 2026-02-10 11:56:14 -05:00
Justin Bollinger 1fab01d444 updated documentation 2026-02-06 19:51:48 -05:00
Justin Bollinger 59cbad7890 working loopback mode with tests 2026-02-06 15:06:25 -05:00
Justin Bollinger 75f39123f1 Remove badge status explanations from README
Removed explanations for badge statuses in the README.
2026-02-06 09:51:28 -05:00
Justin Bollinger 45c78d6a7c ci: add individual badges for each Python version (3.9-3.14)
- Create separate workflow files for Python 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
- Each Python version gets its own status badge
- Easily track which version(s) are failing tests
- Update README to display all 6 Python version badges
- Badges are clickable and link to individual workflow results
- Maintain pytest.yml as combined multi-version workflow
2026-02-06 09:50:32 -05:00
Justin Bollinger d34aae8cb2 ci: split tests workflow into separate ruff, mypy, and pytest workflows
- Create individual workflow files for ruff, mypy, and pytest
- Each workflow has its own status badge for independent monitoring
- Ruff badge shows code quality status
- Mypy badge shows type checking status
- Pytest badge shows multi-version testing status
- Update README with all three badges and clear status documentation
- Remove combined tests.yml in favor of granular workflows
2026-02-06 09:49:30 -05:00
Justin Bollinger 74857f061e ci: add multi-version Python testing and status banners
- Separate lint job for ruff and mypy checks on Python 3.13
- Add pytest matrix strategy to test Python 3.9 through 3.14
- Add GitHub Actions status badge to README
- Document CI/CD pipeline and what each check does
- Include pass/fail criteria for linting, type checking, and testing
- Link to Actions tab for detailed workflow results
2026-02-06 09:46:26 -05:00
Justin Bollinger 907be19d24 docs: add Development section to README
- Document how to install dev dependencies
- Provide commands for running ruff and mypy locally
- Include pre-push hook example for automated checks
- List all included dev dependencies
- Help contributors run checks before pushing
2026-02-06 09:35:20 -05:00
Justin Bollinger 0c0690e2ef lots of refactoring around the menues and building out test cases 2026-02-05 13:52:06 -05:00
Justin Bollinger f33ca19107 expanded tests and hashview menu changes 2026-02-03 19:28:45 -05:00
Justin Bollinger 847aec9a67 fixed pathing issue 2026-02-01 22:43:44 -05:00
Justin Bollinger 23134be3a0 Revert ancestor asset lookup 2026-02-01 22:41:42 -05:00
Justin Bollinger 4402d3175b Fix uv tool asset lookup 2026-02-01 22:32:24 -05:00
Justin Bollinger 52f8d5ee8b Fix asset path resolution: separate hashcat and hate_crack locations
BREAKING CHANGE: Corrected understanding of hcatPath configuration

- hcatPath should point to hashcat binary location (or omit if in PATH)
- hashcat-utils and princeprocessor are located in hate_crack repo
- Changed code to use hate_path for utilities instead of hcatPath
- Updated error messages to guide users correctly
- Updated README with correct configuration examples
- Asset discovery now properly uses HATE_CRACK_HOME environment variable

This fixes the issue where users had hcatPath pointing to hashcat
installation but the code was looking there for hashcat-utils.
2026-02-01 22:05:27 -05:00
Justin Bollinger 33a20d2540 Improve error handling for misconfigured hcatPath
- Add directory existence check in ensure_binary() before attempting make
- Provide clear error message when build directory doesn't exist
- Add troubleshooting section to README.md explaining common hcatPath mistakes
- Add tests for invalid hcatPath scenario and installed tool execution
- Helps users distinguish between hashcat path and hate_crack path

Fixes issue where users set hcatPath to hashcat installation directory
instead of hate_crack repository directory, causing confusing errors.
2026-02-01 22:02:35 -05:00
Justin Bollinger 83cf6146a2 issue executing hate_crack from make install outside of the install directory 2026-02-01 21:54:33 -05:00
Justin Bollinger 8e6909d602 updated makefile 2026-02-01 20:46:01 -05:00
Justin Bollinger 412d22bff0 Add make test and update testing docs 2026-01-31 23:17:16 -05:00
Justin Bollinger 1f5470b2f3 Expand Docker E2E tests with hashcat crack 2026-01-31 23:01:14 -05:00
Justin Bollinger 14d02eb689 Restore hate_crack package and add E2E install tests 2026-01-31 22:50:51 -05:00
Justin Bollinger 470fe37488 Update README with submodule initialization instructions
Added instructions for initializing submodules if not cloned recursively.
2026-01-27 13:07:03 -05:00
Justin Bollinger ffe1df053f Improve submodule initialization instructions in README
Updated README with clearer instructions for submodule initialization.
2026-01-27 13:06:21 -05:00
Justin Bollinger f78ba88f2b Revise README for cloning, usage, and testing instructions
Updated README to reflect changes in cloning method, usage command, and test execution.
2026-01-27 13:05:32 -05:00
Justin Bollinger 1479f8f7f6 Merge pull request #60 from trustedsec/expander
updated readme
2026-01-27 13:00:45 -05:00
Justin Bollinger daba1bec3f Merge remote-tracking branch 'refs/remotes/origin/main' 2026-01-26 23:28:09 -05:00
Justin Bollinger 40fae1d2b5 code cleanup 2026-01-26 23:27:55 -05:00
Justin Bollinger 3b992b03c9 updated readme 2026-01-26 23:02:31 -05:00
Justin Bollinger cb38444178 automatic rules 2026-01-26 22:57:46 -05:00
Justin Bollinger 5c9ed38f75 cleanup of modules 2026-01-26 14:29:39 -05:00
Justin Bollinger 2668c9646a Version2 initial commits 2026-01-26 13:44:02 -05:00