Commit Graph

45 Commits

Author SHA1 Message Date
Justin Bollinger fe384641df feat: default Markov LLM wordlist to cracked hashes output
When the cracked hashes output file (.out) exists, use it as the default
wordlist for the LLM Markov attack instead of the generic markovWordlist
config. This makes the attack learn from already-cracked passwords for
the current engagement, falling back to config when no cracked output
exists.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 16:01:44 -05:00
Justin Bollinger 371fca1228 feat: add LLM Markov Attack (menu option 15)
Add a new attack mode that uses a local LLM via Ollama to generate
password candidates, converts them into hashcat .hcstat2 Markov
statistics via hcstat2gen, and runs a Markov-enhanced mask attack.

Two generation sub-modes:
- Wordlist-based: feeds sample from an existing wordlist to the LLM
  as pattern context (config-selectable default with Y/N override)
- Target-based: prompts for company name, industry, and location
  for contextual password generation

Pipeline: Ollama API -> candidate file -> hcstat2gen -> LZMA compress
-> hashcat -a 3 --markov-hcstat2

Config additions: ollamaUrl, ollamaModel, markovCandidateCount,
markovWordlist. No new pip dependencies (uses stdlib urllib/lzma).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 13:13:39 -05:00
Justin Bollinger 55b7f0fc62 fix: separate hcatPath (hashcat dir) from hate_path (asset dir)
hcatPath now exclusively points to the hashcat install directory and is
auto-discovered from PATH when not configured. hate_path is resolved
from the package directory (installed) or repo root (development) with
no auto-discovery. Extracted vendor-assets/clean-vendor Makefile targets
to deduplicate the install logic.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-12 20:23:12 -05:00
Justin Bollinger efc25c335a Apply ruff formatting fixes
- Fix line length and formatting in hate_crack/api.py
- Fix line wrapping and f-string formatting in hate_crack/attacks.py
- Apply code style improvements in hate_crack/main.py
- Format test files for consistency
- All changes applied via 'ruff check --fix'
2026-02-09 20:08:51 -05:00
Justin Bollinger 210a4006f5 removed extended expander 2026-02-06 19:37:39 -05:00
Justin Bollinger 59cbad7890 working loopback mode with tests 2026-02-06 15:06:25 -05:00
Justin Bollinger 40172c8df9 updated loopback logic and added testing 2026-02-06 14:37:37 -05:00
Justin Bollinger 4f51ce7379 updated loopback logic and added testing 2026-02-06 14:36:15 -05:00
Justin Bollinger 742529962a test: improve live test to skip gracefully when server unavailable
- Add server reachability check before attempting connection
- Test skips if Hashview server is not available on localhost:5000
- Prevents test failures when HASHVIEW_TEST_REAL env var is set but server isn't running
- Allows test to succeed when Docker/server is available and configured
2026-02-06 09:43:23 -05:00
Justin Bollinger 56dd272e75 test: update CLI menu test strings to match recent changes
The Hashview menu has been updated:
- Old: 'Available Customers'
- New: 'What would you like to do?'

Updated test to check for the current menu text that displays
when using the --hashview flag.
2026-02-06 09:39:07 -05:00
Justin Bollinger b52d856d7b download wordlists testing 2026-02-05 17:36:46 -05:00
Justin Bollinger b16c3a1d26 fixed wordlist download and unit testing for live api 2026-02-05 16:32:17 -05:00
Justin Bollinger c1d5658dd6 automatic hash_id detection via api for hashview hashes and updated tests. 2026-02-05 15:39:08 -05:00
Justin Bollinger 092b63f82c automatic hash_id detection via api for hashview hashes 2026-02-05 14:56:27 -05:00
Justin Bollinger 0c0690e2ef lots of refactoring around the menues and building out test cases 2026-02-05 13:52:06 -05:00
Justin Bollinger c049065924 Update hashview API flow and tests 2026-02-04 15:48:19 -05:00
Justin Bollinger 70334f0024 rule download fixes from hashmob 2026-02-03 19:44:58 -05:00
Justin Bollinger f33ca19107 expanded tests and hashview menu changes 2026-02-03 19:28:45 -05:00
Justin Bollinger ee375cfbd7 fixed menu pytest options that failed after updating them 2026-02-02 13:18:12 -05:00
Justin Bollinger 0431d10e26 fixed wordlist display 2026-02-02 12:39:24 -05:00
Justin Bollinger 23134be3a0 Revert ancestor asset lookup 2026-02-01 22:41:42 -05:00
Justin Bollinger 4402d3175b Fix uv tool asset lookup 2026-02-01 22:32:24 -05:00
Justin Bollinger e2775b1e53 Add regression tests for asset path separation
Tests now verify that hashcat-utils are loaded from hate_crack repo
even when hcatPath points to a different directory (like /opt/hashcat).

Why previous tests didn't catch this bug:
- config.json.example has hcatPath = "" (empty)
- Code has fallback: hcatPath = config.get('hcatPath', '') or hate_path
- So hcatPath accidentally defaulted to hate_path during testing
- This masked the bug where utilities incorrectly used hcatPath

Added tests that would have caught this:
- test_hashcat_utils_uses_hate_path_not_hcat_path
- test_config_with_explicit_hashcat_path
- test_readme_documents_correct_usage

Also added code comment documenting the fallback behavior.
2026-02-01 22:06:52 -05:00
Justin Bollinger 52f8d5ee8b Fix asset path resolution: separate hashcat and hate_crack locations
BREAKING CHANGE: Corrected understanding of hcatPath configuration

- hcatPath should point to hashcat binary location (or omit if in PATH)
- hashcat-utils and princeprocessor are located in hate_crack repo
- Changed code to use hate_path for utilities instead of hcatPath
- Updated error messages to guide users correctly
- Updated README with correct configuration examples
- Asset discovery now properly uses HATE_CRACK_HOME environment variable

This fixes the issue where users had hcatPath pointing to hashcat
installation but the code was looking there for hashcat-utils.
2026-02-01 22:05:27 -05:00
Justin Bollinger 33a20d2540 Improve error handling for misconfigured hcatPath
- Add directory existence check in ensure_binary() before attempting make
- Provide clear error message when build directory doesn't exist
- Add troubleshooting section to README.md explaining common hcatPath mistakes
- Add tests for invalid hcatPath scenario and installed tool execution
- Helps users distinguish between hashcat path and hate_crack path

Fixes issue where users set hcatPath to hashcat installation directory
instead of hate_crack repository directory, causing confusing errors.
2026-02-01 22:02:35 -05:00
Justin Bollinger 8e6909d602 updated makefile 2026-02-01 20:46:01 -05:00
Justin Bollinger d429cede89 Merge draft PR #63 2026-01-31 23:40:09 -05:00
copilot-swe-agent[bot] ac7f809e33 Check return code and log stderr on cleanup failure
Co-authored-by: bandrel <3598052+bandrel@users.noreply.github.com>
2026-02-01 04:29:41 +00:00
copilot-swe-agent[bot] 0e7db78296 Improve error logging in Docker image cleanup
Co-authored-by: bandrel <3598052+bandrel@users.noreply.github.com>
2026-02-01 04:29:09 +00:00
copilot-swe-agent[bot] afb6a4d492 Fix Docker build to use absolute Dockerfile path
Co-authored-by: bandrel <3598052+bandrel@users.noreply.github.com>
2026-02-01 04:28:37 +00:00
copilot-swe-agent[bot] 2bddce51a4 Add Docker image cleanup to test fixture
Co-authored-by: bandrel <3598052+bandrel@users.noreply.github.com>
2026-02-01 04:28:31 +00:00
Justin Bollinger 1f5470b2f3 Expand Docker E2E tests with hashcat crack 2026-01-31 23:01:14 -05:00
Justin Bollinger 14d02eb689 Restore hate_crack package and add E2E install tests 2026-01-31 22:50:51 -05:00
Justin Bollinger 4cd3018b69 added uv pytest 2026-01-30 16:47:05 -05:00
Justin Bollinger 175ddfca4c fixed uv tool install 2026-01-30 16:39:03 -05:00
Justin Bollinger c45b30e9bb updated tests 2026-01-27 20:04:45 -05:00
Justin Bollinger 74d81da503 updated hashview apis and tests. 2026-01-27 16:00:09 -05:00
Justin Bollinger 19c6651868 updated pytests for hashview 2026-01-27 13:24:38 -05:00
Justin Bollinger 092d72f0cd updated pytests for hashview 2026-01-27 13:22:55 -05:00
Justin Bollinger 2f7e152bbd test for hashcat_utils 2026-01-26 23:28:43 -05:00
Justin Bollinger ff49d9ba1d pipal tests 2026-01-26 22:05:19 -05:00
Justin Bollinger 526b34a8ee added new tests 2026-01-26 21:08:04 -05:00
Justin Bollinger b4785c3429 weakpass tests and migration to api.py 2026-01-26 16:10:58 -05:00
Justin Bollinger 5c9ed38f75 cleanup of modules 2026-01-26 14:29:39 -05:00
Justin Bollinger 01f4e55e85 major refactor and version change to 2.0 2026-01-26 13:32:37 -05:00