Commit Graph

393 Commits

Author SHA1 Message Date
Justin Bollinger abe8f2ae73 fix: resolve CI test failures in ollama and hashview tests
- Mock rulesDirectory in ollama test fixture so hcatOllama doesn't
  fail with FileNotFoundError on CI where /path/to/hashcat/rules
  doesn't exist
- Mock potfile path in hashview auto-merge test so found file cleanup
  isn't blocked by missing ~/.hashcat directory
- Update pre-push hook to match CI env vars (HATE_CRACK_SKIP_INIT=1)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
v2.0
2026-02-13 22:15:48 -05:00
Justin Bollinger b56a91fef1 fix: clean version string to show 2.0+g<hash> format
Strip .postN.devN and .dYYYYMMDD suffixes from setuptools-scm version
in __init__.py so the banner displays a clean version like 2.0+g05b5d6dc7.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 22:11:31 -05:00
Justin Bollinger 05b5d6dc7a fix: use no-guess-dev version scheme to keep 2.0 base version
Prevents setuptools-scm from bumping to 2.1 on dirty builds.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 22:06:53 -05:00
Justin Bollinger f6a6e508ee fix: update ollama tests to match refactored target-only handler
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 22:01:33 -05:00
Justin Bollinger 399c1639db feat: auto-derive version from git tags using setuptools-scm
Replace hardcoded version with setuptools-scm so the version updates
automatically from git tags. The ASCII banner strips the dirty date
suffix but preserves the git node hash.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 21:58:17 -05:00
Justin Bollinger d59be81c48 chore: update default Ollama model to qwen2.5 with num_ctx 8192
Benchmarking showed qwen2.5 at 8192 context is the best default for
speed/quality balance.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 21:04:43 -05:00
Justin Bollinger 56cf40ba29 feat: add Ollama model benchmark script with context window tuning
Standalone tool to compare multiple Ollama models for password candidate
generation. Tests each model at multiple num_ctx values (default: 2048,
8192, 32768) to find the speed/quality sweet spot.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 21:01:19 -05:00
Justin Bollinger 4dba73e0c9 refactor: simplify Ollama attack to target-based generation only
Remove wordlist-based generation option and menu selection. The LLM
attack now goes directly to target-based prompts (company, industry,
location).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 20:28:26 -05:00
Justin Bollinger 164a17003c refactor: use cracked .out file as sole wordlist source for Ollama attack
Remove ollamaWordlist config key and all references. Wordlist mode now
requires the cracked hashes .out file to exist and extracts passwords
by splitting on the first colon. Detect Ollama refusal responses and
abort gracefully. Update tests accordingly.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 20:04:11 -05:00
Justin Bollinger 1035287d4e feat: send full wordlist to Ollama with configurable num_ctx
Remove 500-line wordlist cap and send the entire file to Ollama.
Add ollamaNumCtx config key (default 32768) to control the context
window size. Invert wordlist prompt to default-yes, remove unused
ollamaCandidateCount config.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 19:33:23 -05:00
Justin Bollinger 88d786d9aa refactor: rename Markov LLM attack to Ollama attack and simplify interface
Rename markov_attack → ollama_attack and hcatMarkov → hcatOllama across
menu, attacks, and tests. Remove candidate count prompts and cracked-output
default wordlist logic. Rename config keys (markov* → ollama*) and drop
ollamaUrl. Fix Dockerfile.test to use granular build steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 19:17:50 -05:00
Justin Bollinger 2cb54beecb fix: overhaul Hashview download flow and fix hashcat --show stderr pollution
- Merge download_left and download_found into single "Download Hashes" menu option
- Append found hash:clear pairs to potfile instead of running broken hashcat re-crack
- Append found hashes to left file so hashcat --show returns full results
- Clean up found_ temp files after merge
- Split found file on first colon (not last) to handle passwords containing colons
- Filter hashcat parse errors from --show stdout in _run_hashcat_show
- Add get_hcat_potfile_path() helper to api.py for potfile resolution
- Remove obsolete download_found_hashes API method and CLI subcommand
- Fix ollama tests to match current 4-arg hcatOllama signature and rule loop

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 19:11:51 -05:00
Justin Bollinger f420de5421 feat: add --debug logging for Ollama request/response in hcatMarkov
Log the API URL, request payload, raw response JSON, and filtered
candidate counts when debug_mode is active.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 16:52:00 -05:00
Justin Bollinger fe384641df feat: default Markov LLM wordlist to cracked hashes output
When the cracked hashes output file (.out) exists, use it as the default
wordlist for the LLM Markov attack instead of the generic markovWordlist
config. This makes the attack learn from already-cracked passwords for
the current engagement, falling back to config when no cracked output
exists.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 16:01:44 -05:00
Justin Bollinger 371fca1228 feat: add LLM Markov Attack (menu option 15)
Add a new attack mode that uses a local LLM via Ollama to generate
password candidates, converts them into hashcat .hcstat2 Markov
statistics via hcstat2gen, and runs a Markov-enhanced mask attack.

Two generation sub-modes:
- Wordlist-based: feeds sample from an existing wordlist to the LLM
  as pattern context (config-selectable default with Y/N override)
- Target-based: prompts for company name, industry, and location
  for contextual password generation

Pipeline: Ollama API -> candidate file -> hcstat2gen -> LZMA compress
-> hashcat -a 3 --markov-hcstat2

Config additions: ollamaUrl, ollamaModel, markovCandidateCount,
markovWordlist. No new pip dependencies (uses stdlib urllib/lzma).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 13:13:39 -05:00
Justin Bollinger 55b7f0fc62 fix: separate hcatPath (hashcat dir) from hate_path (asset dir)
hcatPath now exclusively points to the hashcat install directory and is
auto-discovered from PATH when not configured. hate_path is resolved
from the package directory (installed) or repo root (development) with
no auto-discovery. Extracted vendor-assets/clean-vendor Makefile targets
to deduplicate the install logic.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-12 20:23:12 -05:00
larry.spohn fa66b2cf2f fix: resolve hashcat binary path from hcatPath + hcatBin
When hcatBin is a relative name (e.g. "hashcat"), construct the full
path by joining hcatPath and hcatBin so the correct hashcat binary is
used instead of relying on PATH resolution.
2026-02-12 13:56:29 -05:00
Justin Bollinger 03ae077512 docs: update README with current attacks and features 2026-02-10 11:56:14 -05:00
Justin Bollinger fbe2fc7226 fix: remove switch prompt from download_found hashview option
The download_found option downloads already-cracked hashes (with cleartext
passwords). These cannot be used for cracking, so the 'Switch to this hashfile
for cracking?' prompt is inappropriate and confusing.

The switch prompt is kept for download_left since those are uncracked hashes
that can be cracked.

- Remove the switch-to-cracking prompt from download_found flow
- Add clarifying message that found hashes are already cracked
- Align with intended behavior: download_left prompts to switch, download_found just downloads
2026-02-10 10:46:28 -05:00
Justin Bollinger d683f839e2 fix: exclude submodule directories from mypy checks and update pre-push hook
- Add HashcatRosetta and hashcat-utils to mypy exclude patterns in pyproject.toml
- Update .github/workflows/mypy.yml to exclude submodule directories
- Update pre-push hook to exclude submodules and use consistent mypy flags
- Set ignore_missing_imports=true to handle external dependencies gracefully
- Ensure pre-push hook permissions are set correctly (executable)

Fixes mypy check failures caused by missing hashcat_rosetta.formatting stub.
2026-02-10 10:24:51 -05:00
Justin Bollinger 775952e7ef Update menu text for option 91 to show 'Analyze Hashcat Rules' 2026-02-10 09:21:44 -05:00
Justin Bollinger efc25c335a Apply ruff formatting fixes
- Fix line length and formatting in hate_crack/api.py
- Fix line wrapping and f-string formatting in hate_crack/attacks.py
- Apply code style improvements in hate_crack/main.py
- Format test files for consistency
- All changes applied via 'ruff check --fix'
2026-02-09 20:08:51 -05:00
Justin Bollinger e40080676e Add menu option 91 for rule analysis using HashcatRosetta 2026-02-09 20:02:52 -05:00
Justin Bollinger 80106f1aa4 Update HashcatRosetta submodule to latest version with rule analysis features 2026-02-09 19:58:58 -05:00
Justin Bollinger a89c7c3fce Add HashcatRosetta as a submodule for rule analysis functionality 2026-02-09 19:58:04 -05:00
Justin Bollinger 90696278d3 added debug options 2026-02-09 14:30:37 -05:00
Justin Bollinger 1fab01d444 updated documentation 2026-02-06 19:51:48 -05:00
Justin Bollinger 210a4006f5 removed extended expander 2026-02-06 19:37:39 -05:00
Justin Bollinger 0683c86c54 fingerprint: select expander length and optionally run hybrid on expanded 2026-02-06 16:44:11 -05:00
Justin Bollinger 59cbad7890 working loopback mode with tests 2026-02-06 15:06:25 -05:00
Justin Bollinger 40172c8df9 updated loopback logic and added testing 2026-02-06 14:37:37 -05:00
Justin Bollinger 4f51ce7379 updated loopback logic and added testing 2026-02-06 14:36:15 -05:00
Justin Bollinger 75f39123f1 Remove badge status explanations from README
Removed explanations for badge statuses in the README.
2026-02-06 09:51:28 -05:00
Justin Bollinger 45c78d6a7c ci: add individual badges for each Python version (3.9-3.14)
- Create separate workflow files for Python 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
- Each Python version gets its own status badge
- Easily track which version(s) are failing tests
- Update README to display all 6 Python version badges
- Badges are clickable and link to individual workflow results
- Maintain pytest.yml as combined multi-version workflow
2026-02-06 09:50:32 -05:00
Justin Bollinger d34aae8cb2 ci: split tests workflow into separate ruff, mypy, and pytest workflows
- Create individual workflow files for ruff, mypy, and pytest
- Each workflow has its own status badge for independent monitoring
- Ruff badge shows code quality status
- Mypy badge shows type checking status
- Pytest badge shows multi-version testing status
- Update README with all three badges and clear status documentation
- Remove combined tests.yml in favor of granular workflows
2026-02-06 09:49:30 -05:00
Justin Bollinger 74857f061e ci: add multi-version Python testing and status banners
- Separate lint job for ruff and mypy checks on Python 3.13
- Add pytest matrix strategy to test Python 3.9 through 3.14
- Add GitHub Actions status badge to README
- Document CI/CD pipeline and what each check does
- Include pass/fail criteria for linting, type checking, and testing
- Link to Actions tab for detailed workflow results
2026-02-06 09:46:26 -05:00
Justin Bollinger 605ec28fd7 test: improve live test to skip gracefully when server unavailable
- Add server reachability check before attempting connection
- Test skips if Hashview server is not available on localhost:5000
- Prevents test failures when HASHVIEW_TEST_REAL env var is set but server isn't running
- Allows test to succeed when Docker/server is available and configured
2026-02-06 09:43:49 -05:00
Justin Bollinger 742529962a test: improve live test to skip gracefully when server unavailable
- Add server reachability check before attempting connection
- Test skips if Hashview server is not available on localhost:5000
- Prevents test failures when HASHVIEW_TEST_REAL env var is set but server isn't running
- Allows test to succeed when Docker/server is available and configured
2026-02-06 09:43:23 -05:00
Justin Bollinger 56dd272e75 test: update CLI menu test strings to match recent changes
The Hashview menu has been updated:
- Old: 'Available Customers'
- New: 'What would you like to do?'

Updated test to check for the current menu text that displays
when using the --hashview flag.
2026-02-06 09:39:07 -05:00
Justin Bollinger e51d1f7c59 build: add dev-install and dev-reinstall targets to Makefile
- Add 'make dev-install' to install project with [dev] dependencies
- Add 'make dev-reinstall' to uninstall and reinstall with dev deps
- Convenient way for developers to get linters and type checkers
2026-02-06 09:36:50 -05:00
Justin Bollinger 907be19d24 docs: add Development section to README
- Document how to install dev dependencies
- Provide commands for running ruff and mypy locally
- Include pre-push hook example for automated checks
- List all included dev dependencies
- Help contributors run checks before pushing
2026-02-06 09:35:20 -05:00
Justin Bollinger cabefe5b26 refactor: add optional dev dependencies and mypy configuration
- Add optional [dev] dependency group with mypy, ruff, pytest, and type stubs
- Include types-requests, types-beautifulsoup4, and types-openpyxl
- Add mypy config to exclude submodule directories
- Update GitHub workflow to install with optional dev dependencies
- Remove --ignore-missing-imports flag from mypy for stricter type checking
2026-02-06 09:34:38 -05:00
Justin Bollinger 16f92a0f71 fix: resolve mypy import-untyped errors for requests library 2026-02-06 09:31:17 -05:00
Justin Bollinger b1cf4d3e43 ruff fixes 2026-02-06 09:29:13 -05:00
Justin Bollinger 14ce2cb300 ruff fixes 2026-02-06 09:14:33 -05:00
Justin Bollinger b52d856d7b download wordlists testing 2026-02-05 17:36:46 -05:00
Justin Bollinger b16c3a1d26 fixed wordlist download and unit testing for live api 2026-02-05 16:32:17 -05:00
Justin Bollinger c1d5658dd6 automatic hash_id detection via api for hashview hashes and updated tests. 2026-02-05 15:39:08 -05:00
Justin Bollinger 092b63f82c automatic hash_id detection via api for hashview hashes 2026-02-05 14:56:27 -05:00
Justin Bollinger 0c0690e2ef lots of refactoring around the menues and building out test cases 2026-02-05 13:52:06 -05:00