Quality checks run locally via prek pre-push hooks. CI workflows
(ruff, ty, pytest, lint-infra, version-bump) are no longer needed.
Updated docs to remove all GitHub Actions references.
The hook was forcing Lima VM tests on every push, causing 5-minute timeouts
when limactl has to download the Ubuntu cloud image. The test already has a
skip guard - remove the env var from the hook entry so it stays opt-in.
Ctrl+C at the hashview customer ID prompt called quit_hc(), which calls
cleanup(), but cleanup() assumed hcatHashFileOrig was set. When no hash
file is loaded yet, this caused a TypeError. Now hashview_api returns to
the main menu on KeyboardInterrupt (matching hashmob/weakpass behavior),
and cleanup() guards against None hcatHashFileOrig defensively.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Note the repos-based TOML schema, correct install command, and the
breaking change from the old commands = [...] format.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The old commands = [...] format was a custom schema prek no longer
supports. Rewrite as local-repo hooks (language: system, always_run:
true) matching the pre-commit config schema prek 0.3.3 expects.
Hooks are identical: ruff, ty, pytest, pytest-lima (pre-push) and
audit-docs (post-commit).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The return type dict[str, object] is intentionally more specific than
the generic Dataset[_T_co] base. Suppress the override check; the
class already uses type: ignore[type-arg] for the same reason.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The git push in the Bump version step was failing because
persist-credentials: false strips the GITHUB_TOKEN from the git config.
The existing permissions: contents: write grant is sufficient; restoring
the default (persist-credentials: true) lets the push authenticate.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add Ubuntu 24.04 Lima VM test track that runs hate_crack installation
end-to-end in a real VM, giving higher confidence than Docker-based tests.
- Add lima/hate-crack-test.yaml: Ubuntu 24.04 VM config with hashcat and
build deps pre-installed via apt; uv installed via official installer
- Add tests/test_lima_vm_install.py: mirrors Docker E2E test structure;
uses rsync with targeted excludes (wordlists, compiled host binaries)
and builds wheel directly to avoid setuptools-scm sdist file filtering
- Fix Makefile: add princeprocessor build step with aarch64-compatible
CFLAGS (drops -m64); copy binary to submodule root for vendor-assets
- Add Lima tests to prek.toml pre-push hook
- Document Lima VM tests in TESTING.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Copies the global readme-documentarian agent definition into
.claude/agents/ so it is available project-locally and committed
with the repo.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds a Bash PostToolUse hook that detects the prek documentation audit
warning and injects additionalContext into Claude's session, prompting
it to invoke the readme-documentarian agent automatically.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove .gitmodules from .dockerignore so the build loop can discover
which directories to compile
- Add git to Dockerfile apt installs (needed for git config --file parsing)
- Gate git submodule update --init on .git presence, not .gitmodules;
the compile loop still runs in Docker since .gitmodules is now present
- hashcat skipped in Docker build loop since system hashcat is in PATH
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Removes the need to manually prefix HATE_CRACK_SKIP_INIT=1 when running
make test or make coverage in a dev environment without compiled submodules.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add hashcat as git submodule; compile with make, skip if already in PATH
- Convert princeprocessor from tracked files to git submodule
- Change .DEFAULT_GOAL to install so plain `make` does a full install
- Install uv, Xcode CLT (macOS), build-essential (Debian) if missing
- vendor-assets falls back to system hashcat if submodule not compiled
- Remove hcatOptimizedWordlists; all attacks now use hcatWordlists
- Default hcatWordlists to ./wordlists, rules_directory to ./hashcat/rules
- Default hcatTuning to empty string (no --force --remove)
- Backfill missing config.json keys from config.json.example at startup
- Wrap hcatBin/hcatTuning/hcatWordlists loading in try/except with defaults
- Fall back to vendored hashcat binary at hate_path/hashcat/hashcat
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The /latest/download/ URL redirects to the newest release, but the
filename was hardcoded to 1.7.7. Pin both tag and filename to avoid
breakage on future releases.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove 6 duplicate per-version pytest workflows (matrix build covers all)
- Pin GitHub Actions to SHA hashes with version comments
- Add persist-credentials: false to checkout steps
- Replace mypy with ty for type checking (faster, stricter)
- Pin dev deps to exact versions (ty==0.0.17, ruff==0.15.1, pytest==9.0.2, pytest-cov==7.0.0)
- Remove types-* stub packages (ty doesn't need them)
- Remove stale [dependency-groups] section from pyproject.toml
- Update shell scripts to use set -euo pipefail
- Add prek.toml for git hook management (pre-push, post-commit)
- Add lint-infra.yml workflow (shellcheck + actionlint)
- Fix actionlint warning: pass github.head_ref through env var
- Track CLAUDE.md and .claude/ scripts in git
- Update README.md and Makefile references from mypy to ty
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The PassGPT training device menu now uses _detect_device() to default
to the best available device (CUDA > MPS > CPU) rather than always
defaulting to CUDA, which fails on systems without NVIDIA GPUs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The env var was only set in the subprocess scripts (passgpt_generate.py,
passgpt_train.py) but not in main.py, where torch/transformers are imported
at module level. This ensures telemetry is disabled before any HF-related
imports and is inherited by spawned subprocesses.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
PassGPT generate/train scripts now accept --debug to log HuggingFace HTTP
requests. Version-bump workflow creates a GitHub Release (not just a tag)
so check_for_updates can find /releases/latest. Bump logic now uses minor
for feat/ branches and patch for everything else.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Enable urllib3 debug logging when --debug is active so all requests
made via the requests library are visible on stderr.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Show estimated training times for CUDA/MPS/CPU before starting a
training run. Add device selection prompt with cuda as the default.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Training previously loaded entire wordlists into RAM and tokenized all at
once, causing OOM on large files like rockyou.txt. This adds memory
estimation, lazy dataset loading, and training optimizations.
- Add _get_available_memory_mb() for cross-platform RAM detection
- Add _estimate_training_memory_mb() to predict peak usage before loading
- Replace bulk tokenization with LazyPasswordDataset (file offset index + on-the-fly tokenization)
- Add --max-lines flag to limit training to first N lines
- Add --memory-limit flag to auto-tune --max-lines based on available RAM
- Enable gradient checkpointing and gradient accumulation (steps=4)
- Enable fp16 on CUDA devices
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add ability to fine-tune PassGPT models on custom password wordlists.
Models save locally to ~/.hate_crack/passgpt/ with no data uploaded to
HuggingFace (push_to_hub=False, HF_HUB_DISABLE_TELEMETRY=1). The
PassGPT menu now shows available models (default + local fine-tuned)
and a training option. Adds datasets to [ml] deps and passgptTrainingList
config key.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add optional startup version check against GitHub releases (check_for_updates config option)
- Add packaging dependency for version comparison
- Fix PassGPT OOM on MPS by capping batch size to 64 and setting memory watermark limits
- Fix PassGPT output having spaces between every character
- Hide PassGPT menu item (17) unless torch/transformers are installed
- Fix mypy errors in passgpt_generate.py with type: ignore comments
- Update README with version check docs, optional ML deps section, and PassGPT CLI options
- Add test_version_check.py with 8 tests covering update check behavior
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add PassGPT as attack mode 17, using a GPT-2 model trained on leaked
password datasets to generate candidate passwords. The generator pipes
candidates to hashcat via stdin, matching the existing OMEN pipe pattern.
- Add standalone generator module (python -m hate_crack.passgpt_generate)
- Add [ml] optional dependency group (torch, transformers)
- Add config keys: passgptModel, passgptMaxCandidates, passgptBatchSize
- Wire up menu entries in main.py, attacks.py, and hate_crack.py
- Auto-detect GPU (CUDA/MPS) with CPU fallback
- Add unit tests for pipe construction, handler, and ML deps check
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OMEN uses lowercase `makefile` which was missed by the capital-M check.
On case-sensitive filesystems (Linux) this meant OMEN wouldn't be built
during `make submodules`.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The handler was prompting for training source and max candidates even
when the OMEN binaries weren't built, leading to confusing error output.
Now checks for createNG and enumNG up front and returns with a build
instruction if either is missing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add OMEN (Ordered Markov ENumerator) as a probability-ordered password
candidate generator. Trains n-gram models on leaked passwords via
createNG, then pipes candidates from enumNG into hashcat.
Also fix a pre-existing bug where ensure_binary() used quit(1) instead
of sys.exit(1) - quit() closes stdin before raising SystemExit, which
caused "ValueError: I/O operation on closed file" when any optional
binary check failed and the program continued to use input().
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Reuses existing _count_computer_accounts() and _filter_computer_accounts()
to optionally strip computer accounts before NetNTLM deduplication.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add TestE2EPreprocessingFlow class that simulates the exact main()
preprocessing logic (format detection, filtering, NT/LM extraction)
with realistic secretsdump.py output. Covers: filter accept/decline,
no computers, all computers, LM hash detection, domain\computer$
format.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
