``` ___ ___ __ _________ __ / | \_____ _/ |_ ____ \_ ___ \____________ ____ | | __ / ~ \__ \\ __\/ __ \ / \ \/\_ __ \__ \ _/ ___\| |/ / \ Y // __ \| | \ ___/ \ \____| | \// __ \\ \___| < \___|_ /(____ /__| \___ >____\______ /|__| (____ /\___ >__|_ \ \/ \/ \/_____/ \/ \/ \/ \/ ``` ## Installation ### 1. Install hashcat Hashcat must be installed and available in your PATH: Ubuntu/Kali: ```bash sudo apt-get install -y hashcat ``` macOS (Homebrew): ```bash brew install hashcat ``` Or download a pre-built binary from https://hashcat.net/hashcat/ and set `hcatPath` in `config.json` to its location. ### 2. Download hate_crack Clone with submodules (required for hashcat-utils, princeprocessor, and optionally omen): ```bash git clone --recurse-submodules https://github.com/trustedsec/hate_crack.git cd hate_crack ``` If you cloned without submodules, initialize them: ```bash git submodule update --init --recursive ``` Then customize configuration in `config.json` if needed (wordlist paths, API keys, etc.). Most users can skip this step as default paths work out-of-the-box. ### 3. Install dependencies and hate_crack The easiest way is to run `make` (or `make install`), which auto-detects your OS and installs: - External dependencies (p7zip, transmission-cli) - Builds submodules (hashcat-utils, princeprocessor, and optionally omen) - Python dependencies via uv and a CLI shim at `~/.local/bin/hate_crack` ```bash make ``` This is idempotent - it skips tools already installed. To force a clean reinstall: ```bash make reinstall ``` **Or install dependencies manually:** ### External Dependencies These are required for certain download/extraction flows: - `7z`/`7za` (p7zip) — used to extract `.7z` archives. - `transmission-cli` — used to download Weakpass torrents. Manual install commands: Ubuntu/Kali: ```bash sudo apt-get update sudo apt-get install -y p7zip-full transmission-cli ``` macOS (Homebrew): ```bash brew install p7zip transmission-cli ``` Then install the Python dependencies and CLI shim: ```bash uv sync mkdir -p ~/.local/bin printf '#!/usr/bin/env bash\nset -euo pipefail\nexec uv run --directory %s python -m hate_crack "$@"\n' "$(pwd)" > ~/.local/bin/hate_crack chmod +x ~/.local/bin/hate_crack ``` ------------------------------------------------------------------- ## Project Structure Core logic is now split into modules under `hate_crack/`: - `hate_crack/cli.py`: argparse helpers and config overrides. - `hate_crack/api.py`: Hashview, Weakpass, and Hashmob integrations (downloads/menus/helpers). - `hate_crack/attacks.py`: menu attack handlers. - `hate_crack/hashmob_wordlist.py`: Hashmob wordlist utilities (thin wrapper; calls into api.py). - `hate_crack/main.py`: main CLI implementation. The top-level `hate_crack.py` remains the main entry point and orchestrates these modules. ------------------------------------------------------------------- ## References and Thanks This project depends on and is inspired by a number of external projects and services. Thanks to: - Hashview (http://github.com/hashview/) - Weakpass (https://weakpass.com) - Hashmob (https://hashmob.net) ------------------------------------------------------------------- ## Usage After installing with `make`, run hate_crack from anywhere: ```bash hate_crack # or with arguments: hate_crack [options] ``` Alternatively, run via `uv`: ```bash uv run hate_crack.py ``` ### Run as a tool (recommended) Install using `make` from the repository root - this builds submodules and bundles assets: ```bash cd /path/to/hate_crack make hate_crack ``` The `make install` command creates a bash shim at `~/.local/bin/hate_crack` that runs from the repo directory, so config and assets are always found regardless of your current working directory. Config is also searched in: - Current working directory and parent directory - The repo root and package directory - `~/hate_crack`, `~/hate-crack`, or `~/.hate_crack` **Note:** The `hcatPath` in `config.json` is for the hashcat binary location only (optional if hashcat is in PATH). Hate_crack assets (hashcat-utils, princeprocessor, omen) are loaded from the repository directory and bundled automatically by `make install`. ### Run as a script The script uses a `uv` shebang. Make it executable and run: ```bash chmod +x hate_crack.py ./hate_crack.py ``` You can also use Python directly: ```bash python hate_crack.py ``` ------------------------------------------------------------------- ## Troubleshooting ### Error: Build directory does not exist If you see an error like: ``` Error: Build directory /opt/hashcat/hashcat-utils does not exist. Expected to find expander at /opt/hashcat/hashcat-utils/bin/expander. ``` This means the hate_crack assets were not bundled into the installed package. **Understanding the paths:** - `hcatPath` in config.json → points to **hashcat binary location** (optional, can be in PATH) - `hashcat-utils/` and `princeprocessor/` → bundled into the package by `make install` **Solution:** Reinstall using the Makefile, which builds submodules and installs the tool: ```bash cd /path/to/hate_crack # the repository checkout make install ``` **Default configuration (config.json.example):** Most users can use defaults without customization: - `hcatWordlists`: `./wordlists` (relative to repo root or HOME/.hate_crack) - `rules_directory`: `./hashcat/rules` (includes submodule rules) - `hcatTuning`: `` (empty string - no default tuning flags) **Example config.json customizations:** ```json { "hcatPath": "/usr/local/bin", # Location of hashcat binary (optional, auto-detected from PATH) "hcatBin": "hashcat", # Hashcat binary name "hcatWordlists": "./wordlists", # Dictionary wordlist directory (relative or absolute) "rules_directory": "./hashcat/rules", # Rules directory (relative or absolute) "hcatTuning": "", # Additional hashcat flags (empty by default) ... } ``` **Configuration loading:** - Missing config keys are automatically backfilled from `config.json.example` on startup - Config is searched in multiple locations: repo root, current working directory, `~/.hate_crack`, `/opt/hate_crack` ### Error: merge with ref 'refs/heads/master' but no such ref was fetched If you see: ``` Your configuration specifies to merge with the ref 'refs/heads/master' from the remote, but no such ref was fetched. ``` The default branch was renamed from `master` to `main`. Fix with: ```bash git remote set-head origin -a git branch -m master main git branch --set-upstream-to=origin/main main git pull ``` ------------------------------------------------------------------- ### Makefile Targets **Default (full installation)** - builds submodules, installs dependencies, and installs the tool: ```bash make # or explicitly: make install ``` This is idempotent - it skips tools already installed. **Force clean reinstall:** ```bash make reinstall ``` **Quick update** - rebuilds submodules and reinstalls tool (after pulling changes): ```bash make update ``` **Uninstall** - removes OS dependencies and tool: ```bash make uninstall ``` **Build hashcat-utils only:** ```bash make hashcat-utils ``` **Run tests** - automatically handles HATE_CRACK_SKIP_INIT when needed: ```bash make test ``` **Coverage report:** ```bash make coverage ``` **Clean build/test artifacts:** ```bash make clean ``` ------------------------------------------------------------------- ## Development ### Setting Up the Development Environment Install the project with optional dev dependencies (includes linters and testing tools): ```bash make dev-install ``` ### Running Linters and Type Checks Before pushing changes, run these checks locally. Use `make lint` for everything, or run individual checks: **Ruff (linting and formatting):** ```bash make ruff # or manually: uv run ruff check hate_crack ``` Auto-fix issues: ```bash uv run ruff format hate_crack uv run ruff check --fix hate_crack ``` **ty (type checking):** ```bash make ty # or manually: uv run ty check hate_crack ``` **Run all checks together:** ```bash make lint ``` ### Running Tests Tests auto-detect when submodules are not built and set `HATE_CRACK_SKIP_INIT=1` automatically. ```bash make test ``` Or run pytest directly: ```bash uv run pytest -v ``` With coverage: ```bash make coverage ``` Or with pytest: ```bash uv run pytest --cov=hate_crack ``` ### Git Hooks (prek) Git hooks are managed by [prek](https://github.com/j178/prek) (v0.3.3+). Install hooks with: ```bash prek install --hook-type pre-push --hook-type post-commit ``` This installs hooks defined in `prek.toml` using the pre-commit local-repo TOML schema: - **pre-push**: ruff, ty, pytest, pytest-lima - **post-commit**: audit-docs Note: prek 0.3.3 expects `repos = [...]` at the top level. The old `[hooks.] commands = [...]` format is not supported. ### Arrow-Key Menu Navigation (Optional) Install the `[tui]` extra to enable arrow-key menu navigation via `simple-term-menu`: ```bash uv pip install '.[tui]' ``` When installed and running in a terminal (TTY), menus render with arrow-key navigation and number-key shortcuts. Without it, the classic numbered `print()` + `input()` menu is used. To force the plain numbered menu even when `simple-term-menu` is installed, set `HATE_CRACK_PLAIN_MENU=1`. ### Dev Dependencies The optional `[dev]` group includes: - **ty** - Static type checker - **ruff** - Fast Python linter and formatter - **pytest** - Testing framework - **pytest-cov** - Coverage reporting ------------------------------------------------------------------- Common options: - `--download-hashview`: Download hashes from Hashview before cracking. - `--hashview`: Interactive Hashview menu for managing hashes, wordlists, and jobs. - `--hashview --help`: Show Hashview command-line options. - `--weakpass`: Download wordlists from Weakpass. - `--hashmob`: Download wordlists from Hashmob.net. - `--download-torrent `: Download a specific Weakpass torrent file. - `--download-all-torrents`: Download all available Weakpass torrents from cache. - `--wordlists-dir ` / `--optimized-wordlists-dir `: Override wordlist directories. - `--pipal-path `: Override pipal path. - `--maxruntime `: Override max runtime. - `--bandrel-basewords `: Override bandrel basewords file. - `--debug`: Enable debug logging (writes to stderr). ### Hashview Integration hate_crack integrates with Hashview for centralized hash management and distributed cracking. #### Interactive Menu Access the interactive Hashview menu: ```bash hate_crack.py --hashview ``` Menu options: - **(1) Upload Cracked Hashes** - Upload cracked results from current session to Hashview - **(2) Upload Wordlist** - Upload a wordlist file to Hashview - **(3) Download Wordlist** - Download a wordlist from Hashview - **(4) Download Left Hashes** - Download remaining uncracked hashes (prompts to switch for cracking) - **(5) Download Found Hashes** - Download already-cracked hashes with cleartext passwords (for reference/analysis) - **(6) Upload Hashfile and Create Job** - Upload new hashfile and create a cracking job - **(99) Back to Main Menu** - Return to main menu **Important: Download Found vs Download Left** - **Download Left Hashes (4)**: Downloads uncracked hashes that need cracking. Automatically merges with any found hashes if available, and prompts to switch to this hashfile for cracking. - **Download Found Hashes (5)**: Downloads already-cracked hashes in hash:cleartext format. These are for reference and cannot be cracked further. No switch prompt is shown. #### Command-Line Interface Hashview operations can also be performed via command-line: Upload cracked hashes: ```bash hate_crack.py --hashview upload-cracked --file .out --hash-type 1000 ``` Upload a wordlist: ```bash hate_crack.py --hashview upload-wordlist --file .txt --name "My Wordlist" ``` Download left hashes (uncracked hashes for cracking): ```bash hate_crack.py --hashview download-left --customer-id 1 --hashfile-id 123 ``` Download found hashes (already-cracked hashes with cleartext): ```bash hate_crack.py --hashview download-found --customer-id 1 --hashfile-id 123 ``` Upload hashfile and create job: ```bash hate_crack.py --hashview upload-hashfile-job --file hashes.txt --customer-id 1 \ --hash-type 1000 --job-name "NTLM Crack Job" --hashfile-name "Domain Hashes" ``` #### Configuration Set Hashview credentials in `config.json`: ```json { "hashview_url": "https://hashview.example.com", "hashview_api_key": "your-api-key-here" } ``` #### Ollama Configuration The LLM Attack (option 15) uses Ollama to generate password candidates. Configure the model and context window in `config.json`: ```json { "ollamaModel": "mistral", "ollamaNumCtx": 2048 } ``` - **`ollamaModel`** — The Ollama model to use for candidate generation (default: `mistral`). - **`ollamaNumCtx`** — Context window size for the model (default: `2048`). - The Ollama URL defaults to `http://localhost:11434`. Ensure Ollama is running before using the LLM Attack. #### Automatic Update Checks hate_crack can automatically check GitHub for newer releases on startup. This feature is controlled by the `check_for_updates` config option: ```json { "check_for_updates": true } ``` - **`check_for_updates`** — Enable automatic version checks on startup (default: `true`). - When enabled, hate_crack fetches the latest release info from GitHub and displays a notice if an update is available. - The check runs asynchronously and does not block startup. Network errors are silently ignored. #### Automatic Found Hash Merging (Download Left Only) When downloading left hashes (uncracked hashes), hate_crack automatically: 1. Attempts to download any found (cracked) hashes from Hashview as an auxiliary operation 2. Merges found hashes with local `.out` files (e.g., `left_1_123.txt.out` or `left_1_123.nt.txt.out` for pwdump format) 3. Removes duplicate entries 4. Cleans up temporary split files after merging This ensures your local cracking results stay synchronized with Hashview's centralized database when working with uncracked hashes. **Note:** The download-found option downloads already-cracked hashes separately for reference purposes and does not perform any merging or prompt for cracking. The is attained by running `hashcat --help` Example Hashes: http://hashcat.net/wiki/doku.php?id=example_hashes ``` $ hashcat --help |grep -i ntlm 5500 | NetNTLMv1 | Network protocols 5500 | NetNTLMv1 + ESS | Network protocols 5600 | NetNTLMv2 | Network protocols 1000 | NTLM | Operating-Systems ``` ``` $ ./hate_crack.py 1000 ___ ___ __ _________ __ / | \_____ _/ |_ ____ \_ ___ \____________ ____ | | __ / ~ \__ \\ __\/ __ \ / \ \/\_ __ \__ \ _/ ___\| |/ / \ Y // __ \| | \ ___/ \ \____| | \// __ \\ \___| < \___|_ /(____ /__| \___ >____\______ /|__| (____ /\___ >__|_ \ \/ \/ \/_____/ \/ \/ \/ \/ Version 2.0 ``` ------------------------------------------------------------------- ## Testing The test suite is mostly offline and uses mocks/fixtures. Live network checks and system dependency checks are opt-in via environment variables. ### Running Tests Locally ```bash # Run all tests uv run pytest -v # Run specific test uv run pytest tests/test_hashview.py -v ``` You can also run the full suite with `make test`. ### Live Tests (Opt-In) Set any of the following to enable live checks: - `HASHMOB_TEST_REAL=1` — live Hashmob connectivity/CLI menu check - `HASHVIEW_TEST_REAL=1` — live Hashview CLI menu check - `WEAKPASS_TEST_REAL=1` — live Weakpass CLI menu check - `HATE_CRACK_REQUIRE_DEPS=1` — fail if `7z` or `transmission-cli` is missing ### Live Hashview Upload Test The live Hashview upload test is skipped by default. To run it, set the environment variable and provide valid credentials in `config.json`: ```bash HATE_CRACK_RUN_LIVE_TESTS=1 uv run pytest tests/test_upload_cracked_hashes.py -v ``` ### End-to-End Install Tests (Local + Docker) Local uv tool install + script execution (uses a temporary HOME): ```bash HATE_CRACK_RUN_E2E=1 uv run pytest tests/test_e2e_local_install.py -v ``` Docker-based end-to-end install/run (cached via `Dockerfile.test`): ```bash HATE_CRACK_RUN_DOCKER_TESTS=1 uv run pytest tests/test_docker_script_install.py -v ``` The Docker E2E test also downloads a small subset of rockyou and runs a basic hashcat crack to validate external tool integration. Lima VM end-to-end test (macOS only): Prerequisites: [Lima](https://lima-vm.io/) and `rsync` must be installed. ```bash brew install lima ``` The test VM provisions automatically with all Linux dependencies (hashcat, build-essential, curl, git, gzip, p7zip-full, transmission-cli, ocl-icd-libopencl1, pocl-opencl-icd, uv). ```bash HATE_CRACK_RUN_LIMA_TESTS=1 uv run pytest tests/test_lima_vm_install.py -v ``` This test validates installation and execution within a lightweight Linux VM on macOS. ### Test Structure - **tests/test_hashview.py**: Comprehensive test suite for HashviewAPI class with mocked API responses, including: - Customer listing and data validation - Authentication and authorization tests - Hashfile upload functionality - Complete job creation workflow All tests use mocked API calls, so they can run without connectivity to a Hashview server. ------------------------------------------------------------------- (1) Quick Crack (2) Extensive Pure_Hate Methodology Crack (3) Brute Force Attack (4) Top Mask Attack (5) Fingerprint Attack (6) Combinator Attack (7) Hybrid Attack (8) Pathwell Top 100 Mask Brute Force Crack (9) PRINCE Attack (10) YOLO Combinator Attack (11) Middle Combinator Attack (12) Thorough Combinator Attack (13) Bandrel Methodology (14) Loopback Attack (15) LLM Attack (16) OMEN Attack (90) Download rules from Hashmob.net (91) Analyze Hashcat Rules (92) Download wordlists from Hashmob.net (93) Weakpass Wordlist Menu (94) Hashview API (95) Analyze hashes with Pipal (96) Export Output to Excel Format (97) Display Cracked Hashes (98) Display README (99) Quit Select a task: ``` ------------------------------------------------------------------- #### Quick Crack Runs a dictionary attack using all wordlists configured in your `hcatWordlists` path and optionally applies rules. Multiple rules can be selected by comma-separated list, and chains can be created with the '+' symbol. ``` Which rule(s) would you like to run? (1) best64.rule (2) d3ad0ne.rule (3) T0XlC.rule (4) dive.rule (99) YOLO...run all of the rules Enter Comma separated list of rules you would like to run. To run rules chained use the + symbol. For example 1+1 will run best64.rule chained twice and 1,2 would run best64.rule and then d3ad0ne.rule sequentially. Choose wisely: ``` #### Extensive Pure_Hate Methodology Crack Runs several attack methods provided by Martin Bos (formerly known as pure_hate): * Brute Force Attack (7 characters) * Dictionary Attack * All wordlists in `hcatWordlists` with `best64.rule` * `rockyou.txt` with `d3ad0ne.rule` * `rockyou.txt` with `T0XlC.rule` * Top Mask Attack (Target Time = 4 Hours) * Fingerprint Attack * Combinator Attack * Hybrid Attack * Extra - Just For Good Measure - Runs a dictionary attack using `rockyou.txt` with chained `combinator.rule` and `InsidePro-PasswordsPro.rule` rules #### Brute Force Attack Brute forces all characters with the choice of a minimum and maximum password length. #### Top Mask Attack Uses StatsGen and MaskGen from PACK (https://thesprawl.org/projects/pack/) to perform a top mask attack using passwords already cracked for the current session. Presents the user a choice of target cracking time to spend (default 4 hours). #### Fingerprint Attack https://hashcat.net/wiki/doku.php?id=fingerprint_attack Runs a fingerprint attack using passwords already cracked for the current session. #### Combinator Attack https://hashcat.net/wiki/doku.php?id=combinator_attack Runs a combinator attack using the "rockyou.txt" wordlist. #### Hybrid Attack https://hashcat.net/wiki/doku.php?id=hybrid_attack * Runs several hybrid attacks using the "rockyou.txt" wordlists. - Hybrid Wordlist + Mask - ?s?d wordlists/rockyou.txt ?1?1 - Hybrid Wordlist + Mask - ?s?d wordlists/rockyou.txt ?1?1?1 - Hybrid Wordlist + Mask - ?s?d wordlists/rockyou.txt ?1?1?1?1 - Hybrid Mask + Wordlist - ?s?d ?1?1 wordlists/rockyou.txt - Hybrid Mask + Wordlist - ?s?d ?1?1?1 wordlists/rockyou.txt - Hybrid Mask + Wordlist - ?s?d ?1?1?1?1 wordlists/rockyou.txt #### Pathwell Top 100 Mask Brute Force Crack Runs a brute force attack using the top 100 masks from KoreLogic: https://blog.korelogic.com/blog/2014/04/04/pathwell_topologies #### PRINCE Attack https://hashcat.net/events/p14-trondheim/prince-attack.pdf Runs a PRINCE attack using wordlists/rockyou.txt #### YOLO Combinator Attack Runs a continuous combinator attack using random wordlists from the configured wordlists directory for the left and right sides. #### Middle Combinator Attack https://jeffh.net/2018/04/26/combinator_methods/ Runs a modified combinator attack adding a middle character mask: wordlists/rockyou.txt + masks + worklists/rockyou.txt Where the masks are some of the most commonly used separator characters: 2 4 - _ , + . & #### Thorough Combinator Attack https://jeffh.net/2018/04/26/combinator_methods/ * Runs many rounds of different combinator attacks with the rockyou list. - Standard Combinator attack: rockyou.txt + rockyou.txt - Middle Combinator attack: rockyou.txt + ?n + rockyou.txt - Middle Combinator attack: rockyou.txt + ?s + rockyou.txt - End Combinator attack: rockyou.txt + rockyou.txt + ?n - End Combinator attack: rockyou.txt + rockyou.txt + ?s - Hybrid middle/end attack: rockyou.txt + ?n + rockyou.txt + ?n - Hybrid middle/end attack: rockyou.txt + ?s + rockyou.txt + ?s #### Bandrel Methodology Prompts for comma-separated names and creates a pseudo hybrid attack by capitalizing the first letter and adding up to six additional characters at the end. Each word is limited to a total of five minutes. - Built-in common words (seasons, months) included as a customizable `config.json` entry (`bandrel_common_basedwords`) - The default five-minute time limit is customizable via `bandrelmaxruntime` in `config.json` #### Loopback Attack https://hashcat.net/wiki/doku.php?id=loopback_attack Uses hashcat's loopback mode to feed cracked passwords from the current session back into the attack pipeline with rules applied. This generates new password candidates based on variations of already-cracked passwords, which is particularly effective for finding related passwords that follow similar patterns. * Prompts for rule selection to apply to the loopback candidates * Uses an empty wordlist with the --loopback flag to process previously cracked passwords * Automatically downloads Hashmob rules if no rules are available locally #### LLM Attack Uses a local Ollama instance to generate password candidates for a capture-the-flag scenario. Prompts for the fake company name, industry, and location, then sends these details to the configured LLM model to produce likely password candidates using industry terms and company name permutations. The generated candidates are fed into a hashcat wordlist+rules attack. * Requires a running Ollama instance (default: `http://localhost:11434`) * Configurable model and context window via `config.json` (see Ollama Configuration below) * Prompts for target company name, industry, and location #### OMEN Attack Uses the Ordered Markov ENumerator (OMEN) to train a statistical password model from a wordlist and generate password candidates. This attack learns patterns from known passwords and generates new candidates based on those patterns. * Requires OMEN binaries (createNG and enumNG) to be built from the omen submodule * Interactive menu: use existing model, train new model, or cancel * Training wordlist picker shows available wordlists from configured directory or accepts a custom path * Validates all 5 required model files (createConfig, CP/IP/EP/LN.level) before running * Captures and reports enumNG errors instead of failing silently * Generates up to a specified number of password candidates (configurable via `omenMaxCandidates`) * Pipes generated candidates directly into hashcat for cracking * Model files and metadata are stored in `~/.hate_crack/omen/` for persistence across sessions #### Download Rules from Hashmob.net Downloads the latest rule files from Hashmob.net's rule repository. These rules are curated and optimized for password cracking and can be used with the Quick Crack and Loopback Attack modes. * Downloads rule sets in parallel using a thread pool (up to 4 concurrent downloads) * Skips rules already downloaded locally * Reports download summary with success/failure counts * Stores rules in the configured rules directory #### Analyze Hashcat Rules Powered by HashcatRosetta (https://github.com/bandrel/HashcatRosetta), this feature analyzes hashcat rule files to provide detailed insights into rule composition and complexity. * Prompts for a rule file path * Displays frequency analysis of rule opcodes (operations) * Helps understand what transformations a rule set performs * Useful for rule debugging and optimization #### Download Wordlists from Hashmob.net Downloads wordlists from Hashmob.net's collection of cracked passwords and commonly used wordlists. * Interactive menu for browsing available wordlists * Progress tracking for large downloads * Stores wordlists in configured wordlist directory #### Weakpass Wordlist Menu Interactive menu for downloading and managing wordlists from Weakpass.com via BitTorrent. * Browse available Weakpass wordlist torrents * Download specific wordlists or entire collections * Automatic extraction of compressed archives * Progress tracking for torrent downloads ------------------------------------------------------------------- ### Version History Version 2.0+ - Fixed OMEN attack failing silently when model files were incomplete or enumNG errors occurred - OMEN attack now validates all 5 required model files, captures enumNG stderr, and provides a train/use/cancel menu with wordlist picker - Filtered `.7z`, `.torrent`, and `.out` files from wordlist selection menus (#80) - Parallelized Hashmob rule downloads using a thread pool with success/failure summary (#81) - Added dynamic optimized kernel (`-O`) flag per attack type via `optimizedKernelAttacks` config (#82) - Replaced `uv tool install` with a bash shim for reliable config and asset resolution from any working directory - Fixed config resolution to search the repo root and package directory in addition to CWD - Fixed bare NTLM hash detection failing when hash files contain leading blank lines, BOM characters, or null bytes from UTF-16 encoding - Improved error message for unrecognized hash formats to show the actual first-line content and list expected formats - Fixed rule file path construction in Quick Crack and Loopback Attack using `os.path.join()` instead of string concatenation - Added automatic update checks on startup (check_for_updates config option) - Added `packaging` dependency for version comparison - Added OMEN Attack (option 16) using statistical model-based password generation - Added OMEN configuration keys (omenTrainingList, omenMaxCandidates) - Added LLM Attack (option 15) using Ollama for AI-generated password candidates - Added Ollama configuration keys (ollamaModel, ollamaNumCtx) - Auto-versioning via setuptools-scm from git tags Version 2.0 Modularized codebase into CLI/API/attacks modules Unified CLI options with config overrides (hashview, hashcat, wordlists, pipal) Added Hashview API integration Added Weakpass torrent download helpers and Hashmob download wrapper Improved test coverage and snapshot-based menu validation Updated documentation and versioning Version 1.9 Revamped the hate_crack output to increase processing speed exponentially combine_ntlm_output function for combining Introducing New Attack mode "Bandrel Methodology" Updated pipal function to output top x number of basewords Version 1.08 Added a Pipal menu Option to analyze hashes. https://github.com/digininja/pipal Version 1.07 Minor bug fixes with pwdump formating and unhexify function Version 1.06 Updated the quick crack and recylcing functions to use user customizable rules. Version 1.05 Abstraction of rockyou.txt so that you can use whatever dictionary that you would like to specified in the config.json Minor change the quickcrack that allows you to specify 0 for number of times best64 is chained Version 1.04 Two new attacks Middle Combinator and Thorough Combinator Version 1.03 Introduction of new feature to use session files for multiple concurrent sessions of hate_crack Minor bug fix Version 1.02 Introduction of new feature to export the output of pwdump formated NTDS outputs to excel with clear-text passwords Version 1.01 Minor bug fixes Version 1.00 Initial public release